info@alcmedspa.com (224) 504-1959

Privacy Policy

Effective Date: 1/1/2020
Last Updated: 10/1/2025

This Privacy Policy applies to ALC Medspa (“we,” “our,” “us”) and governs how we collect, use, and safeguard your personal information. This policy is hosted on our official website domain and accessible via a dedicated webpage, clearly linked in our website footer.

We are committed to protecting your privacy in compliance with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Telephone Consumer Protection Regulations (“TCR”), and all other applicable federal and state regulations.

1. Information We Collect

We may collect the following categories of information:

A. Personal Information

  • Name, address, phone number, and email address.
  • Date of birth, gender, and emergency contact details.
  • Billing and payment information.

B. Protected Health Information (PHI)
As defined by HIPAA, this includes:

  • Medical history, current health conditions, medications, allergies.
  • Records of treatments, procedures, and products received.
  • Provider notes, diagnostic results, and aftercare instructions.

C. Website & Digital Interaction Data

  • IP address, browser type, device identifiers.
  • Website usage patterns via cookies or similar tracking technologies (for analytics and functionality only).

2. How We Use Your Information

We use your information solely for lawful purposes, including:

  • Providing medical aesthetic and wellness services.
  • Maintaining accurate patient records.
  • Scheduling and confirming appointments.
  • Sending appointment reminders, aftercare instructions, and TCR-compliant text communications.
  • Processing payments and insurance claims, if applicable.
  • Complying with applicable legal and regulatory requirements.

3. How We Share Your Information

We will not share, sell, rent, or trade your mobile number, personal information, or personally identifiable information (PII) with third parties or affiliates for marketing purposes.

We may share your information only in the following limited circumstances:

  • With Your Authorization: Written authorization is required for any use or disclosure of your PHI for marketing purposes.
  • For Treatment: To coordinate your care among ALC Medspa providers or other healthcare professionals.
  • For Payment: To process payments, insurance claims, or verify coverage.
  • For Healthcare Operations: For quality improvement, compliance, and accreditation purposes.
  • As Required by Law: If necessary to comply with legal obligations, court orders, or subpoenas.

4. Your Rights Under HIPAA & TCR

You have the right to:

  • Access and obtain a copy of your medical records.
  • Request amendments to your records.
  • Receive an accounting of certain disclosures of your PHI.
  • Request restrictions on certain uses or disclosures.
  • Request confidential communications, including opting in or out of TCR-compliant text messaging at any time.
  • File a complaint without fear of retaliation.

Requests must be submitted in writing to our Privacy Officer (contact details below).

5. Data Security Measures

We maintain strict safeguards to protect your information, including:

  • HIPAA-compliant electronic medical records (Boulevard).
  • Secure, access-controlled paper file storage.
  • Encrypted communications where applicable.
  • Mandatory HIPAA and TCR training for all staff.

6. Cookies & Online Tracking

Our website uses cookies to enhance user experience and monitor performance. You may disable cookies in your browser settings; however, some features may not work as intended. We do not use cookies for third-party marketing or advertising purposes.

7. Third-Party Service Providers

We may use HIPAA-compliant third-party vendors for hosting, analytics, secure communications, and text messaging services. All such vendors are contractually obligated to protect your data consistent with HIPAA and TCR requirements.

8. Data Retention

Medical records are retained for the minimum period required by state and federal law (at least five years from the date of last treatment) or as otherwise required by HIPAA. Non-medical records are retained only as long as necessary to fulfill the purposes outlined in this policy.

9. Children’s Privacy

We do not knowingly collect personal information from individuals under the age of 18 without the consent of a parent or legal guardian.

10. Changes to This Policy

We may update this Privacy Policy at any time. The updated version will be posted on this webpage with the “Last Updated” date. Your continued use of our website or services after updates constitutes acceptance of the revised policy.

11. Contact Information

Privacy Officer
ALC Medspa
5101 Washington St, Ste #13
Phone: (224) 1959
Email: admin@alcmedspa.com

If you have any questions or concerns about this Privacy Policy or our privacy practices, please contact us.