Effective Date: 7/1/2025
Data Privacy Statement For The Garden Medical Spa
Introduction And Key Highlights
At the Garden Medical Spa, we prioritize the protection of your personal and health information.
This Data Privacy Statement outlines our commitment to safeguarding your privacy while providing exceptional medical spa services. Key highlights include:
- We collect only necessary personal and health information to provide quality care
- Your information is protected through comprehensive security measures
- You have specific rights regarding your information, including access and correction
- We comply with all applicable federal and state laws, including HIPAA and the New Jersey Consumer Privacy Act
- Regular reviews of our privacy practices ensure ongoing compliance with evolving regulations
Information We Collect
In the course of providing our medical spa services, we may collect the following types of personal and health information from our clients:
- Full name, address, phone number, email address, date of birth, and other demographic information
- Medical history, including existing conditions, allergies, medications, and any treatments or procedures received
- Treatment preferences, concerns, and goals related to your care
- Details of the treatments and services provided, including medical notes, photographs, and other related information
- Payment information, such as credit card numbers, bank account details, or insurance plan information
- Emergency contact information and, where applicable, information about your authorized representatives
How We Use and Disclose Information
Use of Information
We use the information we collect for the following purposes:
- To provide and improve the medical spa services and treatments you request
- To communicate with you about your appointments, treatments, and any follow-up care
- To process payments and maintain billing and accounting records
- To comply with legal and regulatory requirements, such as patient record-keeping
- To conduct internal operations, including quality assurance and customer service
- To identify and address potential safety concerns related to treatments
- To respond to your inquiries and requests for information
Disclosure of Information
We may disclose your information to third parties in the following limited circumstances:
- To healthcare providers, such as your primary care physician, to coordinate your care
- To billing and payment processors to facilitate transactions
- To our service providers who assist us in operating the medical spa, subject to appropriate confidentiality agreements
- To comply with a legal obligation, such as a court order or subpoena
- In the event of a sale, merger, or reorganization of our business, with appropriate safeguards for your privacy
- To prevent harm or injury, such as to protect against a serious threat to public health or safety
- For any other purpose disclosed to you at the time we collect your information, with your consent
- To internal team members for service and operational purposes
We will not sell, rent, or otherwise disclose your personal information for direct marketing purposes without your explicit consent.
Client Rights
You have the following rights regarding your personal and health information:
- Right of Access: You can request a copy of the information we have about you. We will provide this information in a format that is easily accessible and understandable.
- Right to Correction: You can request that we correct any inaccurate or incomplete information we maintain about you.
- Right to Deletion: You can request that we delete your information, subject to certain exceptions, such as when we need to retain the information to comply with legal obligations or to protect our legal interests.
- Right to Restriction: You can request that we limit the way we use your information, particularly if you contest the accuracy of the information or if the processing is unlawful.
- Right to Objection: You can object to certain uses of your information, such as for marketing purposes or for purposes based on our legitimate interests.
- Right to Data Portability: You can request that we transfer your information to another service provider, where technically feasible.
- Right to Withdraw Consent: If we process your information based on your consent, you have the right to withdraw that consent at any time.
To exercise these rights, please contact our Privacy Officer at [contact information]. We will respond to your request within 30 days, as required by applicable law. We may extend this period by an additional 60 days when necessary, taking into account the complexity and number of requests.
Data Security and Breach Notification
Security Measures
We implement and maintain reasonable administrative, physical, and technical safeguards to protect your information from unauthorized access, use, or disclosure, including:
- Secure storage and disposal of paper records, including locked filing cabinets and shredding procedures
- Encryption of electronic data and access controls on our systems, including password protection and multi-factor authentication
- Ongoing employee training on privacy and security best practices and their responsibilities in protecting client information
- Regular security assessments and updates to our systems and procedures
- Physical security measures at our facilities, such as restricted access areas and surveillance systems
- Vendor management processes to ensure third-party service providers maintain appropriate security measures
Breach Notification
In the event of a data breach that may compromise your information, we will:
- Conduct a thorough investigation to determine the scope and impact of the breach
- Notify you without unreasonable delay, but no later than 60 days after discovery, as required by HIPAA
- Provide you with information about the breach, including what happened, what information was involved, what we are doing to investigate and mitigate harm, and what you can do to protect yourself
- Notify relevant authorities, including the Department of Health and Human Services and the New Jersey Division of Consumer Affairs, as required by law
- Take appropriate steps to mitigate any potential harm resulting from the breach
Compliance With Laws and Regulations
The Garden Medical Spa is committed to complying with all federal and state laws and regulations governing the privacy and security of personal and health information, including but not limited to:
- The Health Insurance Portability and Accountability Act (HIPAA) and its implementing regulations
- The New Jersey Consumer Privacy Act
- The Health Information Technology for Economic and Clinical Health (HITECH) Act
- Applicable provisions of the Federal Trade Commission Act regarding unfair or deceptive practices
- State data breach notification laws
We have implemented comprehensive policies and procedures to ensure we meet the requirements of these laws, including:
- Regular staff training on privacy and security requirements
- Designation of a Privacy Officer responsible for overseeing compliance
- Implementation of administrative, physical, and technical safeguards
- Regular risk assessments and compliance audits
- Procedures for responding to privacy incidents and breaches
- Documentation of privacy practices and procedures
We regularly review and update our practices to maintain compliance with evolving legal requirements and industry best practices.
Changes to This Statement
We may update this Data Privacy Statement from time to time to reflect changes in our practices, legal requirements, or other factors. We will post the updated statement on our website and at our facility, with the effective date clearly indicated. For material changes that significantly affect your rights or how we use your information, we will provide notice through:
- Prominent posting on our website at least 30 days before implementation
- Direct communication, such as email or written notice, to affected clients
- Obtaining your consent, where required by law
We encourage you to periodically review this statement to stay informed about our privacy practices.
Contact Information
If you have any questions, concerns, or requests regarding this Data Privacy Statement or our privacy practices, please contact our Privacy Officer:
Dr. Jay Mirmanesh
CEO, MD
The Garden Medical Spa
100 RT 73 N, Voorhees Township NJ, 08043
(856) 282-1338
info@thegardenmedspa.com