Effective 3/9/2024
Skin Solutions Dermatology & Skin Cancer Surgery, P.C., a Tennessee for-profit corporation having a principal address at 200 Cool Springs Boulevard, Franklin, Tennessee 37067-2677, U.S.A. (“Company,” “We,” “Us,” or “Our”) is committed to ensuring the privacy and security of you (“User,” “You,” or “Your”), and Your use of, access to, or visitation of Company’s website, available at https://www.skinsolutionsderm.com/ (the “Website”), including any and all content, functionality, and services offered on or through the Website (the “Website Services”) (hereinafter, the “Website” and “Website Services” are collectively referred to as the “Platform”), whether as a guest or a registered User. Company is committed to safeguarding the privacy of the User and its data, information, and other personally identifying information through Our compliance with this policy (the “Privacy Policy”). Company and User may be referred to in the singular as a “Party” and collectively as the “Parties.”
This Privacy Policy, available at https://www.skinsolutionsderm.com/privacy-policy/, informs the User of the types of information We may collect from You or that You may provide when You use, access, or visit the Platform. Moreover, this Privacy Policy details Our practices for collecting, using, maintaining, retaining, protecting, and disclosing Your data and information, including Your Personal Data (as defined later).
Please read this Privacy Policy carefully, thoroughly, and completely to understand Our policies and practices regarding Your data, information, and other personally identifying information, and how We collect, use, maintain, protect, and disclose the foregoing. If You do not agree with the terms of the Privacy Policy, You may elect to not use, visit, or access Our Platform. By accessing, visiting, or using Our Platform, You agree to the terms of this Privacy Policy in its entirety.
This Privacy Policy may change from time to time (“Changes”). Your continued use of or access to this Platform after Company makes Changes is deemed to be an acceptance of those changes; therefore, please routinely monitor this Privacy Policy for any updates, revisions, modifications, or amendments. We will notify the User of any Changes by providing access to the new Privacy Policy on the Platform. Company may notify the User via email or by a prominent notice on Our Website, prior to or contemporaneous with the Changes becoming effective, and Company will update the date at the top of this Privacy Policy (the “Effective Date”). If Our practices change regarding previously collected Personal Data (later defined herein) in a way that would be materially less restrictive than those policies in effect at the time We collected the information, Company will make reasonable efforts to provide notice and to obtain consent to any such uses as may be required by law.
Definitions.
Affiliate. “Affiliate” means any Person (as defined herein), other than the Parties, that, directly or indirectly, controls, is controlled by, or is under common control with a Party.
Cookies. “Cookie” means a message, or segment of data, containing information about a User, sent by a web server to a browser and sent back to the server each time the browser requests a web page. This message, or segment of data, is stored on the User’s Device (as defined herein). There are various types of Cookies available on the Platform.
Data Controller. “Data Controller” means the natural or legal person, alone or jointly with others, who determines the purposes and means of the processing of Personal Data (as defined herein). For the purpose of this Privacy Policy, Company is the Data Controller of Your information and data, including the Personal Data (as defined herein).
Data Processor. “Data Processor” means any natural or legal Person, public authority, agency, or other body which processes Your information and data, including Personal Data (as defined herein) on behalf of the Data Controller.
Data Subject. “Data Subject” means any identified or identifiable natural or legal Person who is using or accessing the Platform. For the purpose of this Privacy Policy, the Data Subject is the User.
Device. “Device” means any unit of physical hardware or equipment that provides one or more computing functions within a computer system including, but not limited to, desktop computers, laptop (or otherwise portable) computers, mobile/cellular phones, tablets, and other computers capable of using or accessing the Platform.
Person. “Person” means any individual, corporation, partnership, joint venture, limited liability company, governmental authority, unincorporated organization, trust, association, or other entity.
Personal Data. “Personal Data” means any information that can be used to distinguish or trace an individual User’s identity, either alone or when combined with other personal or identifying information, that is linked or linkable to a specific individual.
Processing. “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Usage Data. “Usage Data” means certain data that is generated by use of Our Platform, either by an individual User or from general use of the system underlying the Platform.
User Contributions. “User Contribution” means any and all of User’s contributions to the Platform or to Company through posting, linking, storing, sharing, submitting, publishing, displaying, or transmitting to other Users, other persons, or Company data and information related to, or in connection with, the User and/or its use of or access to the Platform.
Web Log. “Web Log” means a file automatically created and maintained by a web server, containing information on who or what visits, accesses, or uses the Website, the point of origination for those visiting, accessing, or using the Website, and the activities and behavior of those visiting, accessing, or using the Website.
Opt-Out Policy
Opt-Out. From time to time, User acknowledges that User may receive newsletters, updates, marketing or promotional materials, and other communications, which Company, in its sole and absolute discretion, deems would be of interest to the User. User may expressly opt out of receiving any, or all, of these communications from Company by accessing a web-link to unsubscribe, or alternatively, notifying Company in accordance with the section titled “Comments, Concerns, and Complaints.” You may be able to opt out of receiving personalized advertisements from advertisers and/or advertising networks who are members or subscribers of the following: (i) the Network Advertising Initiative (NAI), (ii) the Digital Advertising Alliance’s (DAA) Self-Regulatory Principles for Online Behavioral Advertising, and (iii) European Interactive Digital Advertising Alliance (EDAA). To learn more about your choices for opting out of personalized advertising, please visit:
- Network Advertising Initiative (NAI) – United States
  - Browser Opt-Out: http://www.networkadvertising.org/choices/
- Digital Advertising Alliance (DAA) – United States
  - Browser Opt-Out: http://www.aboutads.info/choices/
- European Interactive Digital Advertising Alliance (EDAA) – Europe
  - Browser Opt-Out: http://youronlinechoices.eu.
Minimum Age; Children’s Privacy
Children’s Online Privacy Protection. Company does not intend to collect, nor does it knowingly collect, Personal Data from anyone under the age of thirteen (13). No User under the age of thirteen (13) may provide any Personal Data to Company or on the Platform.
Notification. If We learn (or are informed) We have collected or received Personal Data from any User under thirteen (13) years of age, without verification or parental consent, We will delete the Personal Data. If You have knowledge or awareness, or alternatively suspect or believe, that Company might have any information, including Personal Data, about any User under the age of thirteen (13), please reference the section titled “Comments, Concerns, and Complaints,” for the purpose of informing Company regarding Company’s collection or receipt of Personal Data from any individual under the age of thirteen (13).
Processing of Health Information
Protection under HIPAA. To the extent You, or another User, are one of Company’s patients, Your personally identifiable health information in Our possession constitutes protected health information (“PHI”). Your PHI is protected by the Health Insurance Portability and Accountability Act of 1996, as amended (“HIPAA”), and the pertinent provisions of the Health Information Technology for Economic and Clinical Health (“HITECH”) Act.
Requirements by Law. In collecting Your information and data, including the Personal Data, our Platform may also collect Your PHI. Akin to our privacy practices as laid forth in this Privacy Policy, We are committed to protecting Your PHI. To the extent Company engages in any Processing of Your PHI, whether by or through the Platform or otherwise, such Processing is subject to the applicable provisions of HIPAA, as modified by HITECH, not this Privacy Policy. This protection extends to PHI that is oral, written, and/or electronic.
Notice of Privacy Practices. To review Our privacy practices with respect to Your PHI, please review our “Notice of Privacy Practices,” which may be made available to You at Our facilities, or is otherwise generally available at https://www.skinsolutionsderm.com/privacy-practices-notice/.
Processing of Information & Data
Collection. Generally, We do not collect information and data about Users of the Platform. Company, however, may collect the following information and data about Users:
- Personal Data including, but not limited to:
- name (first and last);
- email address;
- phone number;
- postal address;
- unique identifying information, such as login credentials; and
- Other User information, such as a User’s:
- requests for material, information, or services;
- reports of problems, issues, or errors with the Platform;
- responses to surveys sponsored or hosted by Company;
- correspondence with Company;
- search queries on the Platform;
- Cookies;
- Usage Data;
- User Contributions;
- Web Logs, consisting of the following:
- the Internet domain from which You access the Website;
- Your Internet Protocol (IP) address;
- Your Internet Service Provider (ISP) utilized to use and access the Platform;
- the type of web browser and operating system employed by User;
- the date and time User accessed, used, or visited the Platform, including the average time expended by the User; and
- the webpages accessed, used, or visited on the Platform.
Automatic Collection. As You navigate through and interact with Our Platform, We may use automatic data collection technologies, such as Cookies, to collect certain information about Your equipment, browsing actions, and patterns, including:
- details of Your visits to Our Platform, including traffic data, location data, logs, and other communication data, as well as the contents and resources that You access and use on the Platform;
- information about Your Device and internet connection, including Your IP address, Internet service provider (ISP), operating system, and browser type; and
- location information, such as the User’s approximate or actual geographical location.
Retention. Company will retain Your information, including Personal Data, only for as long as User uses or accesses the Platform and as necessary for the purposes set out in this Privacy Policy. In addition, We will retain Your information, including Personal Data, to the extent necessary to comply with Our legal obligations, to resolve disputes, and to enforce Our legal agreements and policies.
Use. Generally, We do not use or exploit information and data, including Personal Data, of Users to this Platform. We use Your information and data, including Your Personal Data and Usage Data:
- to present the Platform and its contents, resources, and services to You;
- to maintain the Platform, and to improve the navigation, functionality, and operability of the Platform;
- to contact You with newsletters or promotional, advertising, or marketing materials;
- to contact You regarding Changes to the Privacy Policy;
- to provide You with information, contents, resources, products, and services that You may request from the Company;
- to deliver support to the User in connection with the Platform;
- if applicable, to carry out Our obligations and enforce Our rights arising from any contracts entered into between You and Company;
- to monitor, observe, or examine the use of or access to the Platform;
- to detect, prevent, and address technical, technological, or service errors and issues;
- to enable You to engage in, participate in, utilize, or activate the interactive features on the Platform; and/or
- in any other method or fashion as We may so specify upon Your provision of said information, including Your Personal Data.
Transfer. Your information, including Personal Data, is transferred to and maintained on Devices or servers located within the United States. Your information, including Personal Data, may be transferred to, and maintained on, Devices located outside of Your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of Your jurisdiction. Your consent to this Privacy Policy, followed by Your submission of such information, including Personal Data, represents Your agreement to that transfer. Company shall take reasonable measures to ensure that Your data is treated securely and in accordance with this Privacy Policy, and that no transfer of Your Personal Data to a third-party organization or a country shall occur, unless there are adequate controls in place regarding the privacy of Your information, including Personal Data, and the information security protocol. If You are located outside of the United States, please be advised that any information, including Personal Data, You provide to us will be transferred to and within the United States. By using, accessing, or visiting Our Platform, You consent to this transfer.
Disclosure. Generally, We do not disclose, release, sell, or trade information and data, including Personal Data, of Users to third-party Persons. We may disclose your information and data, including Your Personal Data:
- to Our subsidiaries, affiliates, successors, and assignees;
- to contractors, Service Providers (as defined herein), external vendors, and other third-party Persons We engage to support Our business model and Platform, and who are bound by contractual obligations to keep Your information, including Personal Data, confidential and proprietary, and to use Your information, including Personal Data, only for the purposes and grounds upon which We disclose;
- to a buyer or any successor in interest in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Company’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which information and data, including Personal Data, held by Company about Our Users is among the assets transferred;
- to fulfill the purpose for which You provide such information;
- to comply with any court order, law, or legal process, including to respond to any government or regulatory request;
- where, in Company’s sole and absolute discretion, such disclosure is necessary or appropriate to protect the rights, property, or safety of Company, Users, any third parties with which We contract or engage, or others, including the exchange of information with other entities for the purposes of fraud protection and credit-risk reduction;
- to protect and maintain the security, operability, viability, functionality, and reliability of this Platform;
- to prevent or investigate potential, threatened, imminent, or actual wrongdoing in connection with the Platform; and
- for all other grounds, contingent upon Your consent.
Facilitation. We may employ third-party entities, individuals, contractors, and/or subcontractors (“Service Providers”) to facilitate the Platform, provide the Platform on Our behalf, perform Platform-related services, or assist Company in analyzing how Our Platform and its content, resources, and services are used or accessed. These Service Providers may only use, access, or disclose Your information, including Personal Data, for the sole purpose of performing facilitative services. Company does not collect or retain payment or billing information; rather, Company uses Service Providers to facilitate any payment or billing processing. Service Providers facilitating payment or billing processing are required to adhere to the standards set forth by the Payment Card Industry Data Security Standard (PCI-DSS), the standards of which are available at https://www.pcisecuritystandards.org/pci_security/. Company utilizes the following Service Providers:
- Google Analytics, for the purpose of measuring data and information related to site traffic, behavior, and conversion, and whose privacy policy is available at https://policies.google.com/privacy and whose information, contents, and materials on cookie usage and other tracking technologies is available at https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage;
- Stripe, for the purpose of collecting payment for the purchase of products, and whose privacy policy is available at https://stripe.com/privacy and whose information, contents, and materials on cookie usage and other tracking technologies is available at https://stripe.com/legal/cookies-policy.
- Healow for the purpose of enabling patients to access their medical records, communicate with Us, collect payments for services rendered, and whose privacy policy is available at https://healow.com/apps/jsp/webview/policy.jsp and whose information, contents, and materials on cookie usage and other tracking technologies is also available at https://healow.com/apps/jsp/webview/policy.jsp.
- WooCommerce for the purpose of collecting information related to shipping orders for the purchase of products and whose privacy policy is available at https://automattic.com/privacy/ and whose information, contents, and materials on cookie usage and other tracking technologies is available at https://woo.com/document/woocommerce-cookies/.
- Mailchimp for the purpose of collecting email addresses to send out newsletters and notifications to those enrolled in Our mailing list and whose privacy policy is available at https://www.intuit.com/privacy/statement/ and whose information, contents, and materials on cookie usage and other tracking technologies is available at https://mailchimp.com/legal/cookies/.
- Formidable Forms for the purpose of collecting information to contact those asking for Us to contact them and whose privacy policy is available at https://formidableforms.com/privacy-policy/ and whose information, contents, and materials on cookie usage and other tracking technologies is also available at https://formidableforms.com/privacy-policy/.
Aggregation and Anonymization. “Aggregation” of data and information is generally defined as any process in which information and data is gathered and expressed in summary form. “Anonymization” is defined as the process of removing personally identifiable information (e.g., Personal Data) from data sets, so that the corresponding individuals remain anonymous from identification. Company, in its sole and absolute discretion and without notice, may aggregate and anonymize Personal Data so that the end-product does not personally identify You or any other User of the Platform.
Monitoring. To ensure the privacy and security of the Users of the Platform (as well as third-party Persons), Company may monitor Your use of or access to the Platform. We monitor the use of or access to the Platform for the following reasons:
- to identify fraudulent activities and transactions;
- to prevent or investigate the potential, threatened, imminent, or actual harm or abuse to Users or third-party Persons, as well as to prevent the potential, threatened, imminent, or actual misuse or exploitation of the Platform;
- to ensure compliance with and enforce this Privacy Policy;
- to investigate potential, threatened, imminent, or actual violations of this Privacy Policy; and
- to protect the rights and property of Users, Company, and its Service Providers, contractors, subcontractors, vendors, partners, clients, customers, and other third-party Persons.
Access, Correction, Cancellation, and Deletion
Requests. Requests to access, correct, or delete personal information and data, including Your Personal Data, must be submitted through reference to the section titled “Comments, Concerns, and Complaints.” Please note that We may not be able to delete, correct, or revise Your information and data, including Your Personal Data, where Company is legally required to retain and maintain such information and data.
Information Security
Protective Measures. We have implemented physical, administrative, and technical measures designed to secure and protect Your information and data, including Personal Data, from accidental loss and from unauthorized access, use, alteration, and disclosure.
User Responsibility. The safety and security of Your information, including Your Personal Data, also depends on You. You are responsible for maintaining confidentiality as to those credentials necessary to access the Platform. We ask that You not share Your credentials with any third-party Person.
Internet Transmission. Unfortunately, the transmission of information via the Internet is not completely secure. Although We exercise best efforts to protect Your personal information, We cannot guarantee the security of Your information and data, including Your Personal Data, transmitted to or from the Platform. Any transmission of information and data, including Your Personal Data, is at Your own risk. Please exercise caution in submitting Your information and data, including Your Personal Data, especially if You are accessing the Platform using a Wi-Fi hotspot or public network. If You have reason to believe that Your use of or access to the Platform is no longer secure or protected, please immediately notify Company of the issue in accordance with the section titled “Comments, Concerns, and Complaints.”
Limitation of Liability. EXCEPT AS OTHERWISE PROVIDED FOR IN THIS PRIVACY POLICY, COMPANY EXPRESSLY DISCLAIMS ANY REPRESENTATION OR WARRANTY, WHETHER EXPRESS OR IMPLIED, WITH RESPECT TO ENSURING, GUARANTEEING, OR OTHERWISE OFFERING ANY DEFINITIVE REPRESENTATION OR WARRANTY OF SECURITY IN CONNECTION WITH YOUR INFORMATION AND DATA, INCLUDING YOUR PERSONAL DATA, OR USAGE INFORMATION, AND FURTHER DISCLAIMS ANY LIABILITY THAT MAY ARISE, SHOULD ANY OTHER THIRD-PARTY PERSONS OBTAIN THE INFORMATION YOU SUBMIT TO THE PLATFORM.
Third Parties and Third-Party Sites and Resources
Third-Party Sites. Our Platform and its contents, resources, and services may contain links to third-party sites that are not operated, directly or indirectly, by Company. If You click or select a third-party link, You will be directed to the third-party Person’s site. USER ACKNOWLEDGES AND AGREES THAT COMPANY HAS NO CONTROL OVER AND ASSUMES NO RESPONSIBILITY FOR THE CONTENT, PRIVACY POLICIES, OR PRACTICES OF ANY THIRD-PARTY SITE OR SERVICE.
Other Privacy Policies. To the extent that You submit, present, or offer any information or data, including Your Personal Data, to any third-party Person, such third-party Person’s collection, use, and disclosure of such information may be governed by its privacy policy, and not by Our Privacy Policy.
Limitation of Liability. WE ARE NOT RESPONSIBLE FOR THE INFORMATION COLLECTION, USAGE, DISCLOSURE, OR OTHER PRIVACY PRACTICES OF ANY THIRD-PARTY PERSONS, INCLUDING OUR THIRD-PARTY SERVICE PROVIDERS, ANY THIRD-PARTY SOCIAL MEDIA PLATFORM (E.G., FACEBOOK, INC.), ANY THIRD-PARTY PERSON MAKING AVAILABLE THE DEVICES OR OPERATING SYSTEMS FOR WHICH CERTAIN WEBSITE RESOURCES, CONTENT, OR SERVICES ARE AVAILABLE (E.G., GOOGLE, INC.), AND ANY THIRD-PARTY PERSON OPERATING ANY SITE TO OR ON WHICH THE PLATFORM CONTAINS A LINK. THE INCLUSION OF A LINK ON THE PLATFORM DOES NOT IMPLY, DIRECTLY OR INDIRECTLY, ANY ENDORSEMENT OR SPONSORSHIP OF, OR RELATIONSHIP TO, THE LINKED SITE BY COMPANY OR BY OUR AFFILIATES, SUCCESSORS, AND ASSIGNEES.
Rights under the General Data Protection Regulation (GDPR)
Applicability of the GDPR. To the extent Company, as a Data Controller, processes personal information, including Personal Data, of an EU-resident User, and meets any of the following four (4) criteria, Company is subject to the mandates of the GDPR:
- Company has an establishment in the European Union (EU); or
- Company is not established in the EU, but either:
  - Offers goods or services to Users who are EU residents; or
  - Monitors the behavior of Users who are EU residents.
Rights under the GDPR. To the extent Company is subject to the obligations and mandates of the GDPR, Company shall afford the EU-resident User the following rights, all of which are defined and elaborated upon in Articles 12 to 23 of Chapter 3 of Regulation (EU) 2016/679 (General Data Protection Regulation):
- the right to be informed of the Processing of Your information, including Personal Data;
- the right of access to Your information, including Personal Data;
- the right to rectification or cancellation of the Processing of Your information, including Personal Data;
- the right to erasure or deletion (the “right to be forgotten”) of Your information, including Personal Data;
- the right to restrict Processing of Your information, including Personal Data;
- the right to portability of Your personal information, including Personal Data;
- the right to object to Processing of Your personal information, including Personal Data; and
- rights in relation to automated decision-making and profiling.
Exercising Your Rights under the GDPR. You may exercise any of the foregoing rights by contacting Us in accordance with the section titled “Comments, Concerns, and Complaints.” Please be advised that Company may request You to verify Your identity prior to responding or to fulfilling Your requests. Moreover, You have the right to complain to a Data Protection Authority (DPA) about Our data processing practices with respect to Your information and data, including the Personal Data. If You are in the European Economic Area (EEA), please contact Your local DPA in the EEA.
General Provisions
California Privacy Rights. Under California Civil Code Section 1798.83, Users of the Platform that are California residents may request certain information, including Personal Data, regarding Our disclosure of Personal Data to third-party individuals or entities for direct marketing or promotional purposes. To make such a request, please contact Company in accordance with the section titled “Comments, Concerns, and Complaints.”
Do-Not-Track Technology. The Website will continue to operate as described in this Privacy Policy, whether or not a “Do Not Track” signal or similar mechanism is received from Your web browser. We do not support Do Not Track (“DNT”) technology. You can enable or disable DNT by adjusting, altering, or changing the settings on the web browsers of Your preference.
Comments, Concerns, and Complaints. All feedback, comments, requests for technical support, and other communications relating to the Platform, the Platform’s contents, resources, and services, and the privacy of Your data, including Personal Data, should be directed to the applicable agents and representatives in the manner and the means laid forth below. All communications must be performed by e-mail, telephone, fax, or U.S. Mail, using the information as follows:
- E-Mail: patienthappiness@skinsolutionsderm.com
- Telephone: (615) 771-7546
- U.S. Mail: Skin Solutions Dermatology, 200 Cool Springs Boulevard, Franklin, Tennessee 37067