Privacy Policy

Effective date: May 14, 2025

Introduction:
Slim Wellness Center (referred to as "Slim Wellness," "we," "us," or "our") is committed to protecting your privacy and personal information. This Privacy Policy describes how we collect, use, store, and share information, including personal information and protected health information (PHI), in connection with our in-person clinical services and our website (https://slimwellnesscenter.com) (the "Website"). Any data referenced in this Policy is collected either during your in-person visits or through your interactions with our Website (such as when you fill out forms or subscribe to our newsletter).

We are required by law to maintain the privacy and security of your PHI and we abide by the Health Insurance Portability and Accountability Act (HIPAA) and applicable state privacy laws. By using our Website or providing your information to us in the course of our services, you agree to the practices described in this Privacy Policy. If you do not agree with this Policy, please do not use our Website or services. This Policy is incorporated into our Terms of Service and is intended to be compliant with LegitScript certification standards for healthcare merchants.

1. Information We Collect

We collect various types of information from and about individuals who visit our Website or become our patients. This includes:

Personal Identification and Contact Information: We may collect your name, postal address, email address, telephone number, date of birth, and other identifiers. For example, you may provide this information when you fill out a contact or registration form, book an appointment, or sign up for our newsletter.

Health and Medical Information (Protected Health Information): As a wellness clinic, we collect health-related information from you during in-person consultations and treatments. This may include your medical history, symptoms, diagnoses, treatment plans, prescriptions, laboratory results, images, and any other health information you choose to provide. This information is considered PHI when it relates to your past, present, or future health or healthcare services and is collected in connection with our clinical services.

Insurance and Payment Information: If you provide insurance details or payment information, we collect data such as your insurance provider and policy number, and limited payment details. For example, we may note your insurance coverage for billing or collect payment method details (credit/debit card information) when you pay for services. Payment card transactions on our Website are processed through a secure third-party payment processor (e.g., SmarterSwipe), so we generally do not store your full credit card number on our own systems.

Website Usage Data: When you visit our Website, we and our third-party analytics partners automatically collect certain information about your device and browsing actions through cookies and similar technologies (see Cookies and Tracking Technologies below). This data may include your IP address, device identifiers, browser type, pages viewed, how you arrived at the site, and the dates/times of your visits. We use tools such as Google Analytics to gather this information, which helps us understand how users interact with our Website.

Online Forms and Communications: If you fill out any forms on our Website (for example, a contact form or appointment request form) or communicate with us via email, we will collect the information you submit. This could include personal and health information you provide in inquiry fields, as well as records of your correspondence.

Cookies and Tracking Technologies: Our Website uses cookies, web beacons, and similar tracking technologies to enhance user experience and for marketing/analytics purposes. These technologies may collect unique device identifiers and other technical data about your use of our site. We detail how we use cookies and how you can control them in Section 5 below.

We collect the information described above either directly from you (for instance, when you complete a form or speak with us) or automatically through your use of our Website. In all cases, we limit our collection to what is relevant for the purposes described in this Policy.

2. How We Use Your Information

We use the information we collect for a variety of legitimate business and healthcare purposes, including:

To Provide and Personalize Services: We use your personal information and PHI to deliver our wellness and medical services. This includes diagnosing health conditions, developing personalized treatment plans (e.g., weight loss programs, hormone replacement therapy, IV therapy, etc.), prescribing medications, and otherwise managing your care. Your information allows our healthcare providers to provide safe and effective treatment tailored to your needs.

To Coordinate Care and Pharmacy Services: If we prescribe medication for you, we will use your information to prepare and transmit your prescription to our partner pharmacy (see Sharing Your Information below). We do not currently offer telehealth services, so all care coordination occurs through in-person visits or follow-up communications (phone/email) as needed.

To Communicate with You: We use your contact information (email, phone, mailing address) to communicate about appointments, send appointment reminders, respond to inquiries you send us, provide test results or follow-up instructions, and deliver customer support. We may also send you administrative communications, such as updates to our policies or other notices necessary for services.

For Payment and Operations: We use payment and insurance information to bill for our services and process transactions. For example, we may use your insurance information to submit claims on your behalf or your payment card information to charge you for services or products you purchase. We also use personal information for everyday business operations such as accounting, record-keeping, audits, and implementation of internal policies (including privacy and security protocols).

To Send Promotional Materials (With Consent): If you join our email list or are an existing customer, we may occasionally send newsletters or marketing communications about new services, promotions, or wellness tips that might interest you. We will only use your information for marketing purposes in accordance with applicable law – for example, we will obtain your consent if required. You can opt out of marketing emails at any time (see Your Rights and Choices below). We do not use or share your sensitive health information for any third-party marketing without your explicit authorization.

Analytics and Improvement: We use the Website Usage Data (collected via cookies and analytics tools like Google Analytics) to understand how our Website is used and to improve the user experience. This helps us analyze trends, administer and personalize the site, and develop new features or services. For example, analyzing which pages are most visited can inform our educational content for patients.

Safety, Legal, and Compliance: We may use your information as necessary to comply with applicable laws and regulations, to enforce our Terms of Service or other agreements, and to protect the rights, safety, or property of our patients, staff, or the public. For instance, we might use or disclose information to report certain public health information as required by law, or to respond to a court order or subpoena. We also use information to fulfill our obligations under healthcare laws (such as quality assurance, licensing and accreditation requirements).

We will only use your personal information and PHI for the purposes described above or as otherwise disclosed to you at the time of collection. If we need to use your information for an unrelated purpose, we will obtain your permission or ensure that we have a lawful basis (for example, we may use information for a compatible purpose permitted under privacy laws). In particular, uses and disclosures of PHI will be limited to what is allowed under HIPAA and relevant laws (see HIPAA and Privacy Law Compliance below).

3. How We Share Your Information

We do not sell your personal information to third parties. However, in the course of running our business and providing services, we may share or disclose your information (including PHI, where appropriate) with third parties in certain circumstances. The types of recipients with whom we may share information are:

Partner Pharmacy (Prescription Fulfillment): If you are prescribed medications through Slim Wellness Center, we will share the necessary prescription and health information with our LegitScript-certified partner pharmacy, Integrity Compounding Pharmacy (https://mixwithintegrity.com), in order to fulfill your prescription. This may include your name, contact information, date of birth, and prescription details relevant to compounding or dispensing the medication. Integrity Compounding Pharmacy is an independent pharmacy that will use your information only for prescription fulfillment and related pharmacy services, and it is required to protect your information under HIPAA and other laws. We share PHI with this pharmacy only for the purpose of treating you (getting your medication to you), and such sharing is permitted under HIPAA as a "treatment" disclosure.

Other Healthcare Providers and Labs: With your consent or as necessary for your treatment, we may share relevant information with other healthcare entities involved in your care. For example, if we refer you to a specialist or coordinate care with your primary care physician, we may provide them with portions of your medical record or test results. Similarly, if laboratory tests are performed, we share necessary information with the lab and receive results back. Any such disclosures of PHI will be made in compliance with privacy laws and, where required, with your authorization.

Service Providers (Business Associates): We utilize trusted third-party companies to perform services on our behalf that involve processing of personal information or PHI. These service providers include:

Payment Processors: For instance, when you make an online payment, your payment details are transmitted to Stripe, our payment processor, which will process the transaction. Stripe may receive your billing information and credit card number directly for payment processing. We contractually require Stripe to maintain the confidentiality and security of your payment information, and Stripe is certified as compliant with the Payment Card Industry Data Security Standard (PCI-DSS).

Email and Communications Providers: If you subscribe to our mailing list or we send appointment reminders or other emails, we may use an email service provider such as Mailchimp to manage email communications. Your name and email address (and any email content) will be stored with that provider for the purpose of sending you emails. Mailchimp acts on our instructions and is obligated to protect your information.

Website Analytics and Advertising Partners: We use third-party analytics tools like Google Analytics to collect usage data (as described in Section 1) and third-party advertising tools like Meta Pixel (Facebook Pixel) to assist with targeted advertising on social media platforms. These third parties may receive information about your device and browsing behavior on our site via cookies and similar technologies. This information may be used by those third parties to provide aggregate statistics to us and to serve advertisements that may be relevant to your interests on external platforms. We do not provide your name or contact details to these analytics or advertising providers; however, they may recognize you through persistent identifiers (such as your device IP or cookie ID) and link this data to other information they hold about you if you have separate accounts with them. Please see Cookies and Tracking Technologies for more details and how you can opt out of certain data collection.

IT, Cloud Storage, and EHR Providers: We store and manage PHI and other data using secure electronic systems, such as electronic health record (EHR) systems, cloud data storage, appointment scheduling software, and other IT platforms. These providers (often called "Business Associates" under HIPAA) may host or technically have access to your information for purposes of storing it or supporting our operations (for example, a secure cloud database provider or an IT support firm). We enter into appropriate confidentiality and data protection agreements (including Business Associate Agreements as required by HIPAA) with such service providers to ensure they safeguard your information and use it only for the services they perform for us.

Insurance Companies and Payment Entities: If you have provided insurance information and we are billing insurance for your services, we will share necessary PHI with your health insurance company or payer to seek reimbursement. This can include details of your diagnoses, procedures, and personal identifiers required for claims. Likewise, if you use a Health Savings Account or financing plan (for example, Cherry, PatientFi, or CareCredit as mentioned in our patient materials) to pay for services, we will share necessary information with those financial companies to process payments. These disclosures are made for payment purposes and are permitted by law.

Legal Compliance and Protection: We may disclose information about you if required to do so by law or legal process. For example, we might share information in response to a subpoena, court order, or a regulatory demand (such as providing information to the Department of Health for an audit). We may also disclose information as necessary to exercise or defend our legal rights, to investigate or take action regarding suspected illegal activities or security issues, or to protect the safety of our patients, staff, or others. In doing so, we will limit the information shared to what is legally required or otherwise allowed by law.

Business Transfers: In the event that Slim Wellness Center undergoes a business transaction such as a merger, acquisition by another company, or sale of some or all of its assets, personal information (including PHI) may be transferred to the successor entity as part of that transaction. If such a transfer occurs, we will ensure the recipient is bound to respect your personal information in a manner consistent with this Privacy Policy (and if required by law, we will notify you or obtain your consent).

With Your Authorization or Direction: Aside from the scenarios above, we will share your information with third parties only if you direct us to do so or explicitly consent to a specific disclosure. For instance, if you request that we share a copy of your records with a family member or another third party, we will do so with your written authorization (subject to verification of your request). You may also authorize us to use or disclose your PHI for purposes beyond treatment, payment, or healthcare operations, and such authorization can be revoked by you at any time (with exceptions if we have already relied on it).

In all cases of sharing, we aim to disclose only the minimum amount of information necessary for the purpose. We do not sell personal information to data brokers or unrelated third parties for their own marketing. We do allow certain third-party tools (like those for analytics and advertising) to collect data via our site as described, but this is for our use and benefit (to improve our services or reach interested audiences) and is done in accordance with applicable privacy laws. If any sharing of data could be deemed a “sale” or “share” under certain state laws (such as providing data to advertising partners under California law), we provide you the ability to opt out (see Your Rights and Choices).

4. Data Storage and Retention

Storage Locations: The personal information and PHI we collect is stored on secure servers and systems. Electronic records, including medical records, are maintained in our electronic health record system and other cloud-based or local systems that employ security measures (as described in Data Security below). We primarily store data in the United States. If we ever utilize cloud services or service providers that store data in other countries, we will ensure appropriate safeguards are in place in accordance with applicable law.

Retention Period: We retain personal information, including health information, for as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required or permitted by law. In particular:

Medical Records: We retain patient health records for a minimum period required by law. For example, California law generally requires that adult patient records be kept for at least seven (7) years from the date of the last medical service provided. We may retain health records longer if needed for ongoing treatment, business operations, or as advisable in order to have accurate medical history for your future visits. (For minors, records are retained at least until a certain age—typically until the patient turns 19, but no less than the standard retention period.)

General Personal Data: For non-patient personal information (such as website inquiries or subscription information), we retain it as long as needed to provide you with the service or information you requested, or for our internal analysis. For instance, if you sign up for our newsletter, we will keep your email on file until you unsubscribe or ask us to delete it. If you contact us with a question, we may retain the correspondence to properly address your inquiry and any follow-up issues.

Analytics Data: Information collected via cookies and similar technologies is retained in accordance with the policies of the third parties that collect it (for example, Google Analytics data may be retained for a certain period (e.g., 14 months) as configured in our account). This data is generally aggregated and not tied to identifiable users after a period of time. You can delete cookies or use browser settings to clear identifiers to potentially shorten the retention of data on your own devices (see Cookies below).

Payment Records: We retain transaction records and receipts as long as necessary for accounting and compliance (for example, we might retain proof of payment for a number of years for tax and audit purposes). However, as noted, we typically do not store full credit card details ourselves.

Legal Holds: If we are under a legal obligation to preserve data (for example, due to a litigation hold or government investigation), we will retain the data for as long as required by that obligation.

Once the applicable retention period expires, or if the information is no longer needed, we will securely dispose of or de-identify your information in accordance with our data destruction policies. For example, paper documents containing personal information are shredded, and electronic files are securely deleted or rendered anonymous, as appropriate. Please note that even if you request deletion of your data, we may need to retain certain information if required by law or if necessary for legal or internal business purposes (see Your Rights and Choices below for more information on deletion requests).

5. Cookies and Tracking Technologies

Cookies Overview: Our Website uses "cookies" and similar tracking technologies (such as pixel tags, web beacons, and device identifiers) to enhance your experience and collect information about how our site is used. Cookies are small text files placed on your computer or device when you visit a website. They serve a variety of functions, like enabling certain site features, remembering your preferences, and providing analytic insights.

Types of Cookies We Use:

Essential Cookies: These cookies are necessary for the Website to function properly. They might, for example, remember your input in a form as you navigate between pages, or ensure that you receive the content you request. Because they are essential, you cannot opt out of these cookies via our Cookie Settings (though you can block them in your browser settings, which may affect site functionality).

Analytics Cookies: We use analytics cookies to collect information about how visitors interact with our Website. For instance, we use Google Analytics, which sets cookies to gather data on site usage (e.g., which pages are visited, how long users stay, and any errors encountered). The information collected by these cookies is aggregated and helps us improve our Website’s performance and design. Google Analytics may collect details such as your IP address, but we have configured it not to collect personally identifying information where possible. Google provides an option to opt out of its Analytics cookies (via a browser add-on), and we honor global privacy controls if configured on your browser.

Advertising and Social Media Cookies: We utilize advertising cookies and pixels to help deliver relevant marketing to users who have visited our site. In particular, our site uses the Meta Pixel (Facebook Pixel), which is a piece of code that allows Meta (Facebook/Instagram) to place a cookie on your device. This cookie helps us show you tailored ads on Facebook or Instagram based on your interaction with our Website (for example, if you visited our weight loss page, you might later see an advertisement for our services on Facebook). The information collected through the Meta Pixel may include your IP address, which pages you visited on our site, and certain device information. Meta may combine this information with data it holds about you if you are a user of their platform, in accordance with Meta's own privacy policies. We do not receive personally identifying information from Meta about you; rather, we receive aggregate reports and the ability to create anonymized "audiences" for our ads. You can opt out of Meta (Facebook) interest-based ads through your Facebook account settings or through industry websites such as the Digital Advertising Alliance opt-out page.

Functional Cookies: In some cases, we may use cookies to remember choices you make on our Website (such as your region or language preferences, or your decision on the cookie consent banner). These cookies are not strictly necessary but enhance your personal experience.

Third-Party Tools: As noted above, third-party services (Google Analytics, Meta Pixel, etc.) set their own cookies to collect data through our site. We do not control the data collection by these third parties once it is transmitted to them. However, we have agreements in place or settings enabled to limit how they can use the data from our site. For instance, we have accepted the Google Analytics Data Processing Amendment to comply with privacy regulations and configured our Google Analytics settings to respect certain privacy signals. For more information on how these third-party tools handle data, you can review Google’s and Meta’s privacy policies.

Your Choices for Cookies: When you first visit our Website, you will be presented with a cookie consent banner (or have access to a "Cookies Settings" option) allowing you to accept or manage non-essential cookies. You can adjust your preferences at any time by clicking the "Cookies Settings" link (usually found at the bottom of the page) and modifying which categories of cookies you permit. Additionally, most web browsers provide settings to refuse some or all cookies or to alert you when cookies are being placed on your device. You can use your browser’s settings to delete cookies or prevent their collection (bear in mind that disabling cookies may affect certain features of the site, such as forms or interactive content).

Do Not Track: "Do Not Track" (DNT) is a preference you can set in your browser to signal that you do not wish to be tracked across websites. Our Website currently honors certain automated opt-out signals, such as the Global Privacy Control (GPC), for California residents where applicable. However, not all third-party services recognize DNT signals. We encourage you to use the cookie control tools described above for more effective management of your data.

Other Tracking Technologies: We may use web beacons or pixels in emails to understand if messages were opened or links were clicked, which helps us gauge the effectiveness of our communications. You can prevent this tracking by disabling images in your email client or unsubscribing from our marketing emails.

By using our Website with cookies enabled, you are consenting to the placement of cookies and similar technologies on your device as described. You can withdraw or change your consent at any time via the methods explained. For more information on cookies and how to manage them, you may visit resources like allaboutcookies.org.

6. Data Security

We take the security of your personal information and PHI very seriously. Slim Wellness Center has implemented a comprehensive set of administrative, physical, and technical safeguards to protect your data against unauthorized access, use, alteration, and destruction. These measures include, but are not limited to:

Administrative Safeguards: We maintain internal privacy and security policies and regularly train our workforce on the proper handling of sensitive information. Access to patient information is restricted to authorized personnel who need it to perform their job duties (principle of "minimum necessary" access). We perform background checks on staff as appropriate and require all employees to sign confidentiality agreements. We also conduct periodic risk assessments and have an incident response plan to handle any potential data breaches.

Physical Safeguards: Our clinic and offices are secured to prevent unauthorized entry. Paper records (if any) and files containing personal information are kept in locked cabinets or rooms when not in use. Access to areas or computers where sensitive data is stored is controlled (e.g., via key cards or supervision). Devices that contain PHI (like computers or tablets) are not left unattended in public areas, and they are locked or logged out when not in active use. We ensure proper disposal of sensitive materials (shredding physical documents and permanently deleting electronic data) when records are no longer needed.

Technical Safeguards: We use up-to-date security technologies to protect electronic data. For example, our electronic health records and databases are password-protected and accessible only via authenticated logins. We utilize encryption to protect PHI transmitted over networks (for instance, data you enter on our Website is protected by HTTPS/TLS encryption during transmission, and we encrypt sensitive data at rest where feasible). Firewalls and antivirus/anti-malware solutions are in place to guard our systems, and we apply security patches and updates regularly to maintain the integrity of our software. We also employ audit controls and monitoring; access to electronic records is logged, and we monitor for any unauthorized access or unusual activity. In the event of a suspected data breach, we will take immediate steps to mitigate harm and will notify affected individuals and authorities as required by law.

While we strive to protect your information with rigorous security standards, no method of transmission over the Internet, and no method of electronic storage, is 100% secure. Therefore, we cannot guarantee absolute security of your data. However, we continuously evaluate and enhance our security practices to adapt to new threats and to ensure that we meet or exceed industry standards and legal requirements (including HIPAA’s Security Rule). If you have reason to believe that your interaction with us is no longer secure (for example, if you suspect a vulnerability in our systems or that your data may have been compromised), please immediately notify us using the contact information below so we can take appropriate measures.

7. HIPAA and Privacy Law Compliance

Slim Wellness Center complies with all applicable privacy laws and regulations regarding personal health information and personal data. This includes the federal HIPAA law and relevant state laws such as California’s Confidentiality of Medical Information Act (CMIA) and consumer privacy laws. Below is a summary of our legal compliance commitments:

Protected Health Information (HIPAA): As a healthcare provider, we are considered a "covered entity" under HIPAA. We maintain the privacy of your PHI as required by HIPAA’s Privacy Rule. In practical terms, this means:

● We will use and disclose your PHI only as permitted or required by law. Permitted uses and disclosures include those for Treatment, Payment, and Healthcare Operations (TPO). For example, we use your PHI to treat you (treatment), to bill your insurance (payment), and for internal management like quality improvement (operations).

● We will not use or disclose your PHI for any purpose outside of these permitted areas unless we first obtain your written Authorization. For instance, most uses of PHI for marketing (especially if a third party is involved) or any sale of PHI would require your authorization. If you do provide an Authorization for a particular use/disclosure, you can later revoke it in writing, and we will honor the revocation for future uses (except to the extent we have already acted in reliance on your Authorization).

● We provide all patients with a Notice of Privacy Practices (NPP) describing in detail how we handle PHI and your rights under HIPAA. This Privacy Policy is not intended to replace our NPP for patients. If there is any conflict between this Policy and the NPP (for example, regarding PHI use/disclosure), the terms more protective of privacy will apply. If you would like to see our full Notice of Privacy Practices, you may request a copy from our office at any time.

● In the event of any unauthorized access, use, or disclosure of your PHI (a "breach" as defined by HIPAA) that compromises the privacy or security of your information, we will notify you without unreasonable delay and no later than required by law, and we will inform you of your rights and any steps you should take to protect yourself.

State Privacy Laws: We also comply with state-specific privacy laws that apply to us. For example, the California CMIA imposes duties on us to safeguard your medical information and maintain its confidentiality, and we fully adhere to those duties. If you are a California resident, please be aware that certain personal information that is not PHI may be subject to the California Consumer Privacy Act (CCPA, as amended by the CPRA). However, personal information that constitutes PHI under HIPAA or medical information under CMIA is largely exempt from CCPA. We want to emphasize that whether or not CCPA applies, we do not sell your personal information. For any personal information of California residents that is subject to CCPA (for example, information we collect through our Website that is not PHI), we will treat it in accordance with CCPA requirements. This means we will honor requests from California residents to access, delete, or correct such information, and to opt-out of "sale" or "sharing" of personal information (as those terms are defined under California law), as described in Your Rights and Choices below.

Other Laws: If we expand services or engage with residents of other states (or countries), we will also comply with other applicable privacy laws such as (by way of example) the Nevada privacy law (which gives Nevada residents the right to opt out of certain sales of personal information), or the privacy laws of Colorado, Virginia, Connecticut, and others that grant consumer rights over personal data. We are committed to maintaining compliance with whichever privacy regulations apply to our operations, and to updating our practices as laws evolve.

In summary, we treat all personal data with care and respect for privacy, and for PHI specifically, we adhere strictly to HIPAA and applicable state laws. Our staff is trained on these requirements, and our internal policies reflect our legal obligations. If you have questions about our compliance or need more detailed information about our privacy practices in a medical context, please contact us as outlined in the Contact Us section.

8. Your Rights and Choices

You have certain rights regarding your personal information and PHI that we maintain. We are dedicated to honoring your rights and providing you with choices about how your information is used and disclosed. The following is a summary of key rights you have and how you can exercise them:

Access to Your Information: You have the right to request access to the personal information we hold about you. For our patients, this includes the right to obtain a copy of your medical records and other PHI that we have in our designated record set (subject to limited exceptions). We will provide access to this information in the form or format you request (for example, paper or electronic), if readily producible. For PHI, we may charge a reasonable cost-based fee as permitted by law for copies. Website users or newsletter subscribers may also request a copy of the personal data we have collected about them (such as contact info or communications). To request access, please contact us (see Contact Us below). We will respond within the time frame required by law (HIPAA generally requires a response within 30 days for PHI; CCPA requires acknowledgment in 10 days and response in 45 days for California consumer data, etc.).

Correction/Amendment: If you believe that any personal information or PHI we have about you is incorrect or incomplete, you have the right to request that we correct or amend the information. Patients may request an amendment to their medical records under HIPAA. We will review your request and, if we agree, will correct the inaccurate or incomplete information. If we deny your request (for example, if we believe the record is accurate as is), we will provide an explanation and you have the right to submit a statement of disagreement that we will keep with your record. For non-medical personal data, we will correct any factually inaccurate information about you that you demonstrate is incorrect.

Deletion of Data: You have the right in many cases to request deletion of your personal information. For California residents, this is a right under the CCPA for information not subject to an exemption. However, please note that certain information we hold may be ineligible for deletion due to legal requirements. For example, we cannot delete medical records or PHI that we are required to retain by law (such as the legal medical record of your treatment) or that we need to retain for legitimate business or legal purposes (like proof of services provided for billing or compliance). We also might retain limited information to honor opt-out requests (e.g., keeping your email on a "do not contact" list if you have unsubscribed from communications, to ensure we don’t accidentally contact you). If you request deletion of information that we can delete (for instance, personal data you provided on our Website outside of a patient context), we will remove that information from our records and instruct any service providers to do the same, in accordance with applicable law. To request deletion, please contact us with specific details of your request. We will confirm what data can be deleted and proceed accordingly.

Restriction of Use or Disclosure (PHI): Under HIPAA, you have the right to request that we restrict the use or disclosure of your PHI in certain circumstances. For example, you can ask that we not share information with a particular family member or with your insurance company for a service you pay for out-of-pocket (this latter scenario is a right under HIPAA if you paid in full). While we will consider all restriction requests, please understand that we are not required to agree to all restrictions (except in the case of a fully out-of-pocket payment, where we must comply with a request not to disclose to insurance). If we do agree to a restriction, we will abide by it except in emergencies or as otherwise required by law.

Opt-Out of Marketing Communications: If you no longer wish to receive our newsletter or promotional emails, you have the right to opt out. You can unsubscribe by clicking the "unsubscribe" link in any marketing email you receive from us, or by contacting us and requesting to be removed from our mailing list. Please note that even if you opt out of marketing messages, we may still send you non-promotional communications, such as appointment reminders or important notices about your services or billing.

Opt-Out of Data Sharing/Do Not Sell or Share (for California and similar laws): As noted, we do not sell personal information for monetary consideration. However, California law defines "sale" and "sharing" broadly to include certain uses of cookies and advertising. If you are a California resident and wish to ensure that your personal information is not "sold" or "shared" for cross-context behavioral advertising, you can exercise that right by using our Website’s cookie management tool to disable advertising cookies (see Cookies section). You may also contact us to request to opt out, and we will process an opt-out by implementing a cookie-based opt-out or other mechanism. Additionally, if your browser or device transmits recognized opt-out preference signals (such as the Global Privacy Control), we will honor such signals in accordance with applicable regulations by treating them as a valid opt-out of sale/sharing for that browser/device.

Right to an Accounting of Disclosures (PHI): You have the right to request an "accounting of disclosures" – a list of certain disclosures of your PHI that we have made outside of treatment, payment, or healthcare operations in the six years prior to your request. (Routine disclosures for treatment, payment, and operations and certain other disclosures, such as those you authorized, are not required to be listed.) If you need an accounting of disclosures, please send us a request in writing. The first accounting in a 12-month period is free; we may charge a nominal fee for additional requests within the same period.

Right to Confidential Communications: You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you may ask that we contact you only at a certain phone number or send mail to an alternate address for privacy reasons. We will accommodate reasonable requests whenever feasible.

Right to Non-Discrimination: If you exercise any of the rights described in this Privacy Policy, we will not discriminate against you. This means we will not deny you services, charge you different prices, or provide a different quality of service because you exercised your privacy rights. (Do note that if a deletion request prevents us from continuing to provide you with ongoing services (for example, if you ask us to delete information that we need to provide care), we will inform you if we can no longer provide the service and give you options such as terminating services. We will not, however, simply deny services for exercising a right when it is possible to continue.)

How to Exercise Your Rights: To exercise any of your rights, please contact us using the information provided in Contact Us below. For certain requests (like accessing or deleting data), we may need to verify your identity to ensure we are fulfilling requests for the correct individual. For example, we might ask you to provide certain identifying information or present an ID at our office. If you are a legally authorized representative of a patient or user (e.g., a person holding a healthcare power of attorney or a parent/guardian of a minor where appropriate), you may make requests on their behalf; we will take steps to verify your authority and the identity of the subject of the data as well.

We will do our best to respond to your request within the timeframes required by law. If we need more time, we will inform you of the reason and extension period in writing. If we cannot fulfill part or all of your request, we will provide an explanation (for instance, if a requested record is exempt from disclosure or must be retained for legal reasons).

Your privacy and control over your information are important to us, and we will assist you in exercising your rights to the fullest extent possible.

9. Changes to This Privacy Policy

We may update or revise this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make changes, we will update the "Effective Date" at the top of this Policy to indicate when the revisions took effect.

If we make any material changes to how we handle your personal information or PHI, we will provide prominent notice of such changes. For example, we may post a notice on our Website’s homepage or within the privacy policy page itself, and/or, if we have your email on file (as a patient or subscriber), we may notify you via email. We encourage you to review our Privacy Policy periodically to stay informed about our data practices and the ways you can protect your privacy.

Your continued use of our Website or services after any changes to this Privacy Policy have been posted will signify your acceptance of those changes, except where otherwise required by law (in which case we will handle obtaining your consent or allowing you to opt-in/opt-out as legally mandated). If you do not agree to the revised Policy, you should discontinue use of our services and contact us regarding any concerns.

10. Contact Us

If you have any questions, concerns, or comments about this Privacy Policy or our privacy practices, or if you wish to exercise any of your rights as described above, please contact us. You can reach our privacy office in the following ways:

Email: Send an email to info@slimwellnessclinic.com with the subject line "Privacy Inquiry" and include your contact information and a detailed description of your request or question.

Phone: Call us at (619) 765-4141 and let the representative know you have a privacy-related question or request. They will direct you to the appropriate personnel who can assist you.

Mail: You may send correspondence to the following address:
Slim Wellness Center
Attn: Privacy Officer
655 Euclid Ave, Suite #120
National City, CA 91950

We will treat all communications confidentially and will respond as soon as reasonably possible, generally within 30 days or sooner if required by law. If you are a patient and feel we have not adequately addressed your privacy-related concern, please let us know so that we can resolve the issue. You also have the right to file a complaint with the U.S. Department of Health & Human Services (Office for Civil Rights) or with relevant state authorities if you believe your privacy rights have been violated. We will not retaliate against you for making any such complaint.

Thank you for entrusting Slim Wellness Center with your healthcare and personal information. We are dedicated to safeguarding your privacy and providing you with high-quality, secure care.