This privacy policy provides comprehensive information relating to how we collect, use, and share your personal data and medical information at OA Facial Plastics (“OAFP”) and the rights you have in relation to this data. It applies to your use of OAFP’s website and other digital and online services provided by OAFP (“Website”) and describes our privacy practices relating to the Website.

Our Website collects information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (”personal data”).

1. Contact Information

OA Facial Plastics
9002 N Meridian Street
Suite 222
Indianapolis, IN 46260
E-Mail: oaprivacy@otolaryn.com
Phone: (317) 573-4355

2. Limitations

The owner of the Website is based in the State of Indiana in the United States. We provide this Website or use only by persons located in the United States. We make no claims that the Website or any of its content is accessible or appropriate outside of the United States. If you access the Website from outside the United States, you do so on your own initiative and are responsible for compliance with local laws.

This privacy policy describes the use of your personal data collected through the Website and your other Website-related communications with us. In addition, our HIPAA Notice of Privacy Practices describes how we can use and share your protected health information (PHI). In case of conflict between this privacy policy and the Notice of Privacy Practices, the Notice of Privacy Practices shall govern. The Notice of Privacy Practices does not apply to information that is not PHI.

The Website is not designed for you to communicate with our providers regarding your specific treatment or care, and we do not monitor or respond to such enquiries communicated via the Website. If you wish to seek care or communicate regarding your treatment please contact us directly at (317) 621-2449 to speak to one of our health professionals. 

3. Categories of personal data we collect

The data we process is determined by the context in question: For example, it may vary depending on whether you have submitted an inquiry via our contact form, registered for our newsletter or submitted a complaint. 
We obtain personal data from the following categories of sources:
directly from you; for example, from forms you complete on our Website 
indirectly from you; for example, from observing your actions on our Website 
 
When you visit our Website, we collect and process the following data:
 
name of your Internet service provider 
information on the website you have visited us from 
web browser and operating system used 
the IP address assigned by your Internet service provider 
requested files, amount of data transferred, downloads/file export 
information on the pages of our Website(s) that you visit, including date and time 
 
When you send us a “Contact” request or “Request An Appointment”, we collect and process the following data:
last name, first name 
contact data (email address and telephone number) 
details on your health preferences and interests 
your message to us (if any) 
 
When you participate in any of our promotions that we may organize from time to time, the data that we
collect and process includes the following:
last name, first name 
contact data (address, email address telephone number) 
age 
sex 
 
We also keep track of how you use and interact with our Website through the use of cookies and other
tracking technologies as listed below.
 

a. Cookies
Our Website uses what are known as cookies at multiple points. These are used to make our offering more user-friendly, effective and more secure. Cookies are small text files that are placed on your computer and stored by your browser (locally on your hard disk). 

These cookies enable us to analyze how users use our Website. This means we can design the Website content according to our visitors’ needs. 
 
We use both session cookies and permanent cookies. The session cookies are automatically deleted after your visit. Permanent cookies are automatically deleted from your computer when their expiry date is reached or when you delete them yourself before the expiry date. 
 
Most web browsers accept cookies automatically. You can usually change your browser’s settings if you would prefer not to send the information. Please note, however, that some of the Website’s features may not function properly if you disable cookies. 
b. Social Media Widgets
 
The Website may contain links to our practice’s accounts on Facebook and LinkedIn platforms. Clicking on any such links means that the respective social network receives information on which website you came from as a user. It is also possible if you are currently logged in to the network in question, that the social network links this information to your account. 
 
c. Google Analytics 
We use Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google uses cookies. The information generated by the cookie on the use of our content by the users is usually transmitted to a Google server in the USA and stored there.
 
Google will use this information on our behalf to evaluate the use of our Website and content by users, to compile reports on the activities within the Website, and to provide us with other services related to the use of our Website content and internet usage. Also, pseudonymous usage profiles of the users may be created from the processed data.
 
Users may prevent the collection by Google of the data generated by the cookie and related to their use of the content and the processing of such data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en 
 

If your browser does not support the link to the Browser Add-On from Google (e.g. when using our Website from your smartphone), you can also opt out of data collection by Google Analytics by clicking on the link below. An opt-out cookie is then stored that prevents the future collection of your data when visiting the Website.

Click here to opt out of Google Analytics measurements. 

4. How we use your personal data 

We use the information we receive about you for the purposes described in this privacy policy. We generally process personal data received about you through our Website on the legal basis of our legitimate interests in providing the Website and as necessary to provide you with our services. Where appropriate, we may rely on alternate legal bases, such as your consent to certain types of processing. We use your data to initiate a business relationship, to fulfill contractual and legal obligations, to conduct the contractual relationship, to offer products and services, and to strengthen the customer relationship, which may include marketing and direct mail.

5. How we share your personal data  

We will only share your data with third parties as described herein or within the scope of applicable law or with the appropriate consent. Otherwise, it will not be shared with third parties unless we are obliged to do so due to mandatory legal regulations (disclosure to external bodies such as law enforcement authorities in the United States). 

a. Within our organization 

Within our organization (including Otolaryngology Associates, LLC) our standard practice is that individuals who receive data are limited to those who require that data to fulfill their employment, contractual or legal obligations. 

In many cases, our specialist departments are supported by Service Providers (defined below) to fulfill their tasks. 

b. With our Service Providers 

We work with various organizations and individuals to help provide our services to you (“Service Providers”), such as web and data hosting companies and companies providing analytics information. We need to engage such third-party Service Providers to help us operate, provide, and market our services. These third parties have only limited access to your information and may use your information only to perform these tasks on our behalf. Information we share with our Service Providers may include both information you provide to us and information we collect about you, including personal data and information from data collection tools like cookies. 

We take reasonable steps to ensure that our Service Providers are obligated to reasonably protect your information on our behalf. If we become aware that a Service Provider is using or disclosing information improperly, we will take commercially reasonable steps to end or correct such improper use or disclosure. 

We share personal data with our Service Providers on the legal basis of our legitimate interests in providing you with our services. Our engagement of Service Providers is often necessary for us to provide the services to you, particularly where such companies play important roles like helping us keep our services operating and secure. In some other cases, these Service Providers aren’t strictly necessary for us to provide our services, but help us make it better, like by helping us conduct research into how we could better serve our users. In these latter cases, we have a legitimate interest in working with service providers to make our services better. 

c. To conduct business transactions 

We may purchase other practices or businesses or their assets, sell our practice or business assets, or be involved in a bankruptcy, merger, acquisition, reorganization or sale of assets. Your information, including personal data, may be among assets sold or transferred as part of a business transaction. In some cases, we may choose to buy or sell assets. Such transactions may be necessary and in our legitimate interests, particularly our interest in making decisions that enable our organization to develop over the long term.  

d. To respond to safety and lawful requests 

We may be required to disclose your information pursuant to lawful requests, such as subpoenas or court orders, or in compliance with applicable laws. We generally do not disclose user information unless we have a good faith belief that an information request by law enforcement or private litigants meets applicable legal standards. We may share your information when we believe it is necessary to comply with applicable laws, to protect our interests or property, to prevent fraud or other illegal activity perpetrated through the services or using our name, or to protect the safety of any person. This may include sharing information with other companies, lawyers, agents, or government agencies. Nothing in this privacy policy is intended to limit any legal defenses or objections that you may have to a third party’s, including a government’s, request to disclose your information. 

e. Aggregated non-personal data 

We may disclose aggregated, non-personal data received from providing the services, including information that does not identify any individual, without restriction. We may share demographic information with business partners, but it will be aggregated and de-personalized, so that personal data is not revealed. 

6. Data retention period

We store your data as long as it is necessary for the processing purpose in question. Please note that a number of legally imposed retention periods require data to be stored for extended periods. This relates in particular to commercial or fiscal retention obligations. Unless there are further retention requirements, the data will be routinely deleted after use. 

In addition, we may retain the information if you have given us your permission to do so, or in the event of legal disputes and we use evidence within the statutory limitation periods. 

7. Data retention period 

The security of your personal data is important to us. We make commercially reasonable efforts to secure and protect the privacy, accuracy, and reliability of your information and to protect it from loss, misuse, unauthorized access, disclosure, alteration, and destruction. We have implemented security measures consistent with industry standards. As no data security protocol is impenetrable, we cannot guarantee the security of our systems or databases, nor can we guarantee that personal data we collect about you will not be breached, intercepted, destroyed, accessed, or otherwise disclosed without authorization. Accordingly, any information including your personal data is provided by you at your own risk.  

8. Links to other providers 

Our Website also contains links to the websites of other companies. Where links to websites of other providers are available, we have no influence as to their content. As a result, no guarantee and liability can be assumed for this content. The content of these pages is always the responsibility of the respective provider or operator of the pages. 

9. Online offerings for children

We do not collect any information from children. Persons under the age of 18 are not permitted to submit any personal data to us without the consent of the legal guardian or a declaration of consent. We encourage parents and guardians to actively participate in the online activities and interests of their children. 

10. California Privacy Rights

California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Website that are California residents to request certain information regarding our disclosure of personal data to third parties for their direct marketing purposes. To make such a request, please send an email to oaprivacy@otolaryn.com .

11. Changes to our privacy policy

We may modify this privacy policy from time to time. The most current version of this privacy policy will govern our use of your information and is located at HIPAA Notice of Privacy Practices. We will notify you of material changes to this policy by posting a notice at the Website or by emailing you at an email address associated with you, if applicable, and provide an “at a glance” overview of any changes. 

Skip to content