Privacy Policy of Catherine S. Chang, MD, FACS, INC. DBA Privé Beverly Hills

Effective Date: May 27, 2024

Welcome to the Privacy Policy of Catherine S. Chang, MD, FACS, INC. DBA Privé Beverly Hills (“Privé Beverly Hills,” “we,” “us,” or “our”). We are committed to protecting your personal information and your right to privacy. This Privacy Policy applies to all information collected through our website (https://privebevhills.com/) and any related services, sales, marketing, or events (collectively referred to as the “Services”).

1. Introduction

Privé Beverly Hills provides medical and wellness services designed to promote optimal health and well-being. Our Privacy Policy helps you understand what information we collect, why we collect it, and how you can update, manage, export, and delete your information.

2. Your Privacy and HIPAA Compliance

Your privacy and confidentiality are important to us. Catherine S. Chang, MD, FACS, privacy policy strives to respect your privacy regarding any information we may collect across our website (https://www.drcatchang.com) and abides by the Standards for Privacy of Individually Identifiable Health Information (“Privacy Rule”) established in HIPAA.

The Privacy Rule standards in HIPAA address the use and disclosure of individuals’ health information—called “protected health information” by organizations subject to the Privacy Rule—called “covered entities,” as well as standards for individuals’ privacy rights to understand and control how their health information is used. Within HHS, the Office for Civil Rights (“OCR”) has responsibility for implementing and enforcing the Privacy Rule with respect to voluntary compliance activities and civil money penalties. A major goal of the Privacy Rule is to assure that individuals’ health information is properly protected while allowing the flow of health information needed to provide and promote high-quality health care and to protect the public’s health and well-being. This is a summary of key elements of the Privacy Rule and not a complete or comprehensive guide to compliance. To review the entire Rule itself, and for other additional helpful information about how it applies, see the OCR website: www.hhs.gov/ocr/hipaa.

3. Types of Information Collected

We may collect the following types of information:

  • Personal Identification Information: Name, email address, phone number, etc.
  • Health Information: Information relating to treatments, consultations, and health status necessary for our services.
  • Transactional Data: Billing and payment data.
  • Technical Data: Cookies, analytics, and usage data from our website.

4. How Information is Collected

We collect information:

  • Directly from you: When you provide it to us (e.g., filling out forms, signing up for services or newsletters).
  • Automatically: As you navigate through the site (information collected through cookies and analytics tools).
  • From third parties: Such as healthcare providers or marketing partners.

5. Purpose of Data Collection

The data we collect serves to:

  • Provide and manage our Services.
  • Improve customer service and website user experience.
  • Communicate with you about your account or services requested.
  • Comply with our legal obligations, resolve disputes, and enforce our agreements.

6. Data Security Measures

We implement a variety of security measures to maintain the safety of your personal information when you enter, submit, or access your personal information. These include encryption, firewalls, and secure server facilities.

7. Data Sharing

We do not sell, trade, or rent user information to third parties for marketing purposes. We may share your data with trusted third-party service providers as necessary for them to perform services on our behalf, including:

  • Payment processing
  • Data analysis
  • Email delivery
  • Hosting services
  • Customer service

These third parties are prohibited from using your personal information for any purpose other than to provide these services to us, and they are required to maintain the confidentiality of your information.

8. User Rights

As a user of our website and services, you have the following rights regarding your personal information:

  • Right to Access: You can request access to the personal information we hold about you.
  • Right to Rectification: You can request that we correct any inaccurate or incomplete data we hold about you.
  • Right to Erasure: You can request the deletion of your personal data, subject to certain exceptions prescribed by law.
  • Right to Restrict Processing: You may request that we restrict the processing of your personal information.
  • Right to Data Portability: You can request a copy of your personal data in a machine-readable format.
  • Right to Object: You can object to the processing of your personal information.
  • Right to Withdraw Consent: Where we rely on your consent to process your personal information, you have the right to withdraw that consent at any time.

To exercise these rights, please contact us using the details provided below.

9. Contact Information

If you have any questions or concerns about our Privacy Policy, our data practices, or our compliance with applicable law, please contact us at:

Dr. Catherine S. Chang, MD, FACS, INC. DBA Privé Beverly Hills

10. SMS Consent

We require your explicit consent for sending promotional and informational SMS messages as part of our services. This consent is obtained separately when you provide your mobile phone number. We do not share SMS consent with third parties.

This Privacy Policy outlines how we protect your personal information and uphold your rights. By accessing our website and using our services, you acknowledge that you have read and understood this Privacy Policy. We encourage you to review this policy periodically for any changes. We do not share, sell, or rent personal information with any third parties/affiliates.

No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All OPT-IN requests include text messaging originator opt-in data and consent; this information will not be shared with third parties.