Privacy Policy

Overview

At Millennial Plastic Surgery (“we,” “us,” “our”), protecting your privacy is a priority. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website millennialplasticsurgery.com (the “Site”), request services, interact with our tools, or communicate with us. By accessing or using our Site or services, you agree to the terms of this Privacy Policy.

1. Information We Collect

A. Personal Information You Provide

We may collect information that identifies you directly, including:

• Name
• Email address
• Phone number
• Postal address
• Date of birth (if provided)
• Insurance information (if applicable)
• Appointment and treatment requests

This includes information you voluntarily provide when you submit forms, contact us, schedule an appointment,
request a consultation, register for newsletters, or communicate with our team.

B. Health-Related Information (Protected Health Information)

If you become a patient, we may collect and maintain health-related information as part of providing care.
Certain health information may be considered “Protected Health Information” (“PHI”) and may be protected under
applicable privacy laws, including HIPAA, when we act as a covered entity or business associate. Where applicable,
our use and disclosure of PHI is governed by our Notice of Privacy Practices.

B.1. Visual Media & Clinical Photography

As part of our clinical services and with your express written authorization (separate from this policy), we may collect photographs or videos of your face or body (“Clinical Imagery”). While used primarily for surgical planning and your medical record, if you have signed a specific HIPAA Media Release, these images may be used for educational or marketing purposes. You maintain the right to revoke this media consent at any time by contacting us in writing, which will result in the removal of such imagery from our digital properties.

C. Technical & Usage Data (Automatically Collected)

When you visit our Site, we may collect certain information automatically, including:

• IP address
• Browser type and version
• Device type and operating system
• Referring/exit pages
• Pages viewed and time spent on pages
• Clicks, scrolls, and other interaction data

D. Non-Secure Communications (Social Media & Third-Party Apps)

If you choose to communicate with us via Instagram Direct Message, Facebook Messenger, WhatsApp, or other third-party social media platforms, please be aware that these channels are not HIPAA-secure. By initiating contact through these platforms, you acknowledge the privacy risks associated with non-encrypted messaging and authorize Millennial Plastic Surgery to respond via the same channel. For secure communications, please use our encrypted patient portal or call our office directly.

2. How We Use Your Information

We may use your information to:

• Provide, operate, and maintain our Site and services
• Schedule, manage, and confirm appointments or consultations
• Respond to inquiries and provide customer support
• Communicate about services, updates, and administrative messages
• Improve Site performance, content, and user experience
• Conduct analytics and measure marketing effectiveness
• Comply with legal obligations and enforce our policies

3. How We Share Your Information

We do not sell your personal information. We may share information in the following situations:

A. Service Providers

We may share information with trusted vendors who perform services on our behalf (e.g., hosting, analytics,
scheduling software, customer support tools). These providers are required to protect your information and use it
only to provide services to us.

B. Healthcare Operations (If Applicable)

If you are a patient, we may share information as needed for treatment, payment, and healthcare operations,
consistent with applicable law and any Notice of Privacy Practices provided by our practice.

C. Legal & Safety

We may disclose information if required by law or in response to valid legal process (e.g., subpoena or court order),
or to protect the rights, property, and safety of our patients, users, or others.

D. Business Transfers

If we undergo a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be
transferred as part of that transaction, as permitted by law.

E. Third-Party Surgical Financing

If you apply for medical financing through our partners (e.g., CareCredit, Alphaeon), we may share necessary personal and treatment-related information with those providers to facilitate your application and process payments. These third parties are governed by their own privacy policies.

4. Cookies & Tracking Technologies

We use cookies and similar technologies (e.g., pixels, tags) to enable Site functionality, understand usage, improve performance, and deliver relevant content.

Cookie Controls

You can control cookies through your browser settings and, where available, via our cookie banner/preferences tool.
If you disable cookies, some features of the Site may not function properly.

5. Your Rights & Choices

A. Access, Update, or Delete

You may request access to, correction of, or deletion of certain personal information we maintain about you, subject to legal exceptions.

B. Marketing Opt-Out

You may opt out of marketing emails by using the unsubscribe link in the email. For SMS messages, reply STOP (or follow the instructions provided in the message). You may still receive non-marketing administrative messages (e.g., appointment confirmations) where permitted by law.

C. Patient Privacy Rights (If Applicable)

Patients may have additional rights regarding PHI, including the right to request access, amendments, restrictions, and an accounting of certain disclosures, as permitted by law and described in our Notice of Privacy Practices.

D. Global & State-Specific Rights (GDPR & CCPA/CPRA)

Depending on your residency, you may have additional rights, including the right to request a portable copy of your data, the right to delete your personal information, and the right to opt-out of certain processing.

• California Residents: We do not “sell” or “share” your personal information for cross-contextual behavioral advertising as defined by the CPRA.
• EU/UK Residents: Our lawful basis for processing is your consent and/or our legitimate interest in providing surgical services.
• Medical Records Exception: Please note that requests for deletion of data are subject to New York State medical record retention laws and HIPAA regulations.

6. Data Retention

We retain information only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law (including medical record retention requirements).

7. Children’s Privacy

Our Site is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, please contact us so we can take appropriate
steps to delete it.

8. Third-Party Links

Our Site may contain links to third-party websites or services. We are not responsible for the privacy practices of third parties. We encourage you to review their privacy policies before providing information.

9. Security

We use reasonable administrative, technical, and physical safeguards designed to protect your information.
However, no method of transmission over the internet or method of storage is 100% secure, and we cannot guarantee absolute security.

We comply with the New York SHIELD Act, maintaining a data security program that includes administrative, technical, and physical safeguards to protect the private information of New York residents.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be posted on this page with an updated “Last updated” date. Your continued use of the Site after changes are posted indicates your acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or your privacy rights, contact:

Optional: Notice of Privacy Practices (NPP)

View our Notice of Privacy Practices.