This privacy policy provides comprehensive information relating to how we collect, use, and share your personal data and medical information at OA Facial Plastics (“OAFP”) and the rights you have in relation to this data. It applies to your use of OAFP’s website and other digital and online services provided by OAFP (“Website”) and describes our privacy practices relating to the Website.
Our Website collects information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (”personal data”).
OA Facial Plastics
9002 N Meridian Street
Suite 222
Indianapolis, IN 46260
E-Mail: oaprivacy@otolaryn.com
Phone: (317) 573-4355
The owner of the Website is based in the State of Indiana in the United States. We provide this Website or use only by persons located in the United States. We make no claims that the Website or any of its content is accessible or appropriate outside of the United States. If you access the Website from outside the United States, you do so on your own initiative and are responsible for compliance with local laws.
This privacy policy describes the use of your personal data collected through the Website and your other Website-related communications with us. In addition, our HIPAA Notice of Privacy Practices describes how we can use and share your protected health information (PHI). In case of conflict between this privacy policy and the Notice of Privacy Practices, the Notice of Privacy Practices shall govern. The Notice of Privacy Practices does not apply to information that is not PHI.
The Website is not designed for you to communicate with our providers regarding your specific treatment or care, and we do not monitor or respond to such enquiries communicated via the Website. If you wish to seek care or communicate regarding your treatment please contact us directly at (317) 621-2449 to speak to one of our health professionals.
a. Cookies
Our Website uses what are known as cookies at multiple points. These are used to make our offering more user-friendly, effective and more secure. Cookies are small text files that are placed on your computer and stored by your browser (locally on your hard disk).
If your browser does not support the link to the Browser Add-On from Google (e.g. when using our Website from your smartphone), you can also opt out of data collection by Google Analytics by clicking on the link below. An opt-out cookie is then stored that prevents the future collection of your data when visiting the Website.
Click here to opt out of Google Analytics measurements.
4. How we use your personal data
We use the information we receive about you for the purposes described in this privacy policy. We generally process personal data received about you through our Website on the legal basis of our legitimate interests in providing the Website and as necessary to provide you with our services. Where appropriate, we may rely on alternate legal bases, such as your consent to certain types of processing. We use your data to initiate a business relationship, to fulfill contractual and legal obligations, to conduct the contractual relationship, to offer products and services, and to strengthen the customer relationship, which may include marketing and direct mail.
5. How we share your personal data
We will only share your data with third parties as described herein or within the scope of applicable law or with the appropriate consent. Otherwise, it will not be shared with third parties unless we are obliged to do so due to mandatory legal regulations (disclosure to external bodies such as law enforcement authorities in the United States).
a. Within our organization
Within our organization (including Otolaryngology Associates, LLC) our standard practice is that individuals who receive data are limited to those who require that data to fulfill their employment, contractual or legal obligations.
In many cases, our specialist departments are supported by Service Providers (defined below) to fulfill their tasks.
b. With our Service Providers
We work with various organizations and individuals to help provide our services to you (“Service Providers”), such as web and data hosting companies and companies providing analytics information. We need to engage such third-party Service Providers to help us operate, provide, and market our services. These third parties have only limited access to your information and may use your information only to perform these tasks on our behalf. Information we share with our Service Providers may include both information you provide to us and information we collect about you, including personal data and information from data collection tools like cookies.
We take reasonable steps to ensure that our Service Providers are obligated to reasonably protect your information on our behalf. If we become aware that a Service Provider is using or disclosing information improperly, we will take commercially reasonable steps to end or correct such improper use or disclosure.
We share personal data with our Service Providers on the legal basis of our legitimate interests in providing you with our services. Our engagement of Service Providers is often necessary for us to provide the services to you, particularly where such companies play important roles like helping us keep our services operating and secure. In some other cases, these Service Providers aren’t strictly necessary for us to provide our services, but help us make it better, like by helping us conduct research into how we could better serve our users. In these latter cases, we have a legitimate interest in working with service providers to make our services better.
c. To conduct business transactions
We may purchase other practices or businesses or their assets, sell our practice or business assets, or be involved in a bankruptcy, merger, acquisition, reorganization or sale of assets. Your information, including personal data, may be among assets sold or transferred as part of a business transaction. In some cases, we may choose to buy or sell assets. Such transactions may be necessary and in our legitimate interests, particularly our interest in making decisions that enable our organization to develop over the long term.
d. To respond to safety and lawful requests
We may be required to disclose your information pursuant to lawful requests, such as subpoenas or court orders, or in compliance with applicable laws. We generally do not disclose user information unless we have a good faith belief that an information request by law enforcement or private litigants meets applicable legal standards. We may share your information when we believe it is necessary to comply with applicable laws, to protect our interests or property, to prevent fraud or other illegal activity perpetrated through the services or using our name, or to protect the safety of any person. This may include sharing information with other companies, lawyers, agents, or government agencies. Nothing in this privacy policy is intended to limit any legal defenses or objections that you may have to a third party’s, including a government’s, request to disclose your information.
e. Aggregated non-personal data
We may disclose aggregated, non-personal data received from providing the services, including information that does not identify any individual, without restriction. We may share demographic information with business partners, but it will be aggregated and de-personalized, so that personal data is not revealed.
6. Data retention period
We store your data as long as it is necessary for the processing purpose in question. Please note that a number of legally imposed retention periods require data to be stored for extended periods. This relates in particular to commercial or fiscal retention obligations. Unless there are further retention requirements, the data will be routinely deleted after use.
In addition, we may retain the information if you have given us your permission to do so, or in the event of legal disputes and we use evidence within the statutory limitation periods.
7. Data retention period
The security of your personal data is important to us. We make commercially reasonable efforts to secure and protect the privacy, accuracy, and reliability of your information and to protect it from loss, misuse, unauthorized access, disclosure, alteration, and destruction. We have implemented security measures consistent with industry standards. As no data security protocol is impenetrable, we cannot guarantee the security of our systems or databases, nor can we guarantee that personal data we collect about you will not be breached, intercepted, destroyed, accessed, or otherwise disclosed without authorization. Accordingly, any information including your personal data is provided by you at your own risk.
8. Links to other providers
Our Website also contains links to the websites of other companies. Where links to websites of other providers are available, we have no influence as to their content. As a result, no guarantee and liability can be assumed for this content. The content of these pages is always the responsibility of the respective provider or operator of the pages.
9. Online offerings for children
We do not collect any information from children. Persons under the age of 18 are not permitted to submit any personal data to us without the consent of the legal guardian or a declaration of consent. We encourage parents and guardians to actively participate in the online activities and interests of their children.
10. California Privacy Rights
California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Website that are California residents to request certain information regarding our disclosure of personal data to third parties for their direct marketing purposes. To make such a request, please send an email to oaprivacy@otolaryn.com .
11. Changes to our privacy policy
We may modify this privacy policy from time to time. The most current version of this privacy policy will govern our use of your information and is located at HIPAA Notice of Privacy Practices. We will notify you of material changes to this policy by posting a notice at the Website or by emailing you at an email address associated with you, if applicable, and provide an “at a glance” overview of any changes.