Site Privacy Policy

Last Revised October 20, 2022 (“Effective Date”)

We value your privacy. By visiting our Site and using the Services, you agree that your personal information will be handled as described in this Site Privacy Policy.

Please review this Site Privacy Policy carefully before using the Services (as defined herein) or our Site (as defined herein). Using this Site confirms each user’s (“you” or “your”) consent and agreement to this Site Privacy Policy and to our Terms of Use. If you do not agree to the terms of this Site Privacy Policy, please do not use this Site.

We may change this Site Privacy Policy or modify any features of the Services at any time. You should check the date of this Site Privacy Policy (which appears above) and review any changes that have been made since your last visit to the Site. The most current version of this Site Privacy Policy can be viewed by clicking on the “Site Privacy Policy” link posted at portraitcare.com/privacy-policy. You acknowledge and agree that it is your responsibility to review this Privacy Policy periodically and become aware of modifications.

1. Introduction

DermDocs, P.C. is a California medical corporation, Portrait Health Care, PLLC is a Arizona professional limited liability corporation and Portrait Health Care New Jersey, PC is a New Jersey professional medical corporation (collectively “Medical Groups”) which engage in the practice of medicine under the names DermDocs and Portrait, and provides Dermatology care and treatment to its patients, including but not limited to cosmetic dermatology, personalized skin care services, delivery of personalized dermatological products and telemedicine services (the “Services”). Portrait Health, Inc. owns and operates the website located at https://www.portraitcare.com/ and other related websites and mobile applications with links (collectively, the “Site”) to this Site Privacy Policy (“Privacy Policy”) enabling members (“Members”) to use the Services.

For purposes of this Privacy Policy, the references to “we,” “us,” or “our” will refer as applicable to Medical Groups and Portrait Health, Inc. and each of their respective Affiliates. The term “Affiliates” means any entity or person that controls, is controlled by, or under common control with, such as a subsidiary, parent company, agent, representative or employee.

Medical Groups and Portrait Health, Inc. understand that your privacy is important to you. We have developed this Privacy Policy to explain how we collect, use, and disclose information from and/or about you when you use the Site or the Services. The Site will be collecting and transmitting personal, medical, and other health-related information about you. By using the Site and/or the Services, you agree that we may collect and use your personal and other information as described in this Privacy Policy. If you do not agree, please do not use the Site or the Services. If you do not understand any aspect of this Privacy Policy, please feel free to contact us by sending an e-mail to support@portraitspa.com. This Privacy Policy is a part of our Terms of Use, so by accepting the Terms of Use you are also consenting to the use and disclosure of your personal information as outlined in this Privacy Policy. We may change this Privacy Policy at any time. You should visit this page periodically to review the Privacy Policy. You agree that your continued access and use of this Site will bind you to any new terms of the Privacy Policy and the Terms of Use. By using the Site, you are agreeing to our collection, use, and disposal of your Personal Information and other data as described in this Privacy Policy, both as it exists now and as it is changed from time to time. PLEASE REVIEW THIS PRIVACY POLICY CAREFULLY.

2. Important Definitions.

  1. When we use the term “Personal Information” in this Privacy Policy, we mean information about you that is personally identifiable to you, such as your contact information (e.g., name, mailing address, e-mail address, or telephone number), personally identifiable health or medical information (“Health Information”), and any other non-public information that is associated with such information (collectively, “Personal Information”).When we use the term “De-Identified Information”, we mean information that is neither used nor intended to be used to personally identify an individual, and for which there is no reasonable basis to believe that the information can be used to identify an individual.When we use the term “Cookies”, we mean the small pieces of information that a Site sends to your browser while you are viewing a website. When you visit that website again, the Cookie allows the website to recognize your web browser. Cookies may store unique identifiers, user preferences, and other information.
  2. When we use the term “De-Identified Information”, we mean information that is neither used nor intended to be used to personally identify an individual, and for which there is no reasonable basis to believe that the information can be used to identify an individual.
  3. When we use the term “Cookies”, we mean the small pieces of information that a Site sends to your browser while you are viewing a website. When you visit that website again, the Cookie allows the website to recognize your web browser. Cookies may store unique identifiers, user preferences, and other information.

3. Questions

If you have questions or concerns about this Privacy Policy, please contact us by sending an e-mail to support@portraitspa.com.

4. HIPPA

Our privacy practices are intended to comply with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA“). We will maintain the privacy of your Protected Health Information (“PHI”) as required by HIPAA and the regulations promulgated thereunder. We encourage you to review our Notice of Privacy Practices, which may be found at portraitspa.com/privacy-practices and which describe how we may use and disclose your Health Information.

5. California Privacy Rights.

California residents have special protections under state law regarding the access and use of Personal Information. See CAL. CIVIL CODE §§ 1798.80 to .84. Under California Civil Code section 1798.83, California residents who have an established business relationship with us have the right to request that we provide certain information regarding the disclosure of their personal information to third parties for their direct marketing purposes during the immediately preceding calendar year. You may contact us by sending an e-mail to support@portraitspa.com to request such information.

6. Individuals Under Age 18.

This Site is not directed to children and children are not eligible to use the Services. We will not knowingly collect information from Site users under the age of eighteen (18). If you are under age 18, please do not attempt to use the Site or any of the Services or provide any Personal Information about yourself to us. If we learn that we have collected Personal Information from a child under 18, we will delete that information as quickly as possible. If you believe a person who is underage has signed up for an account, please contact us via e-mail at support@portraitspa.com.

7. The Personal Information we may collect and/or maintain about you includes (but is not limited to):

  1. Your name, age, e-mail address, username, password, and other registration information;Health Information that you provide to us, which may include information or records relating to your medical or health history, health status, laboratory testing results, diagnostic images, and other health related information;
  2. Health information about you prepared by the health care provider(s) who provide the Services through the Site such as medical records, treatment and examination notes, and other health related information;
  3. Billing information that you provide us, such as credit card information;
  4. The IP address of the computer or mobile device you are using;
  5. Information about the computer or mobile device you are using, such as what Internet browser you use, the kind of computer or mobile device you use, and other information about how you use the Site and/or how much time you spend on the Site; and
  6. Other information that you input into the Site.

8. We may collect Personal Information from you when you

  1. Create an account or register on the Site;
  2. Sign up for an event;
  3. Order items or services through the Site;
  4. Fill out a form or otherwise provide your information to us;
  5. Respond to a survey;
  6. Subscribe to a newsletter;
  7. Submit or post content; and
  8. Engage in other activities, services, features or resources that we make available on the Site that require your information.

9. We may use your Personal Information for the following purposes (subject to applicable legal restrictions):

  1. To provide you with the Services and customer support (e.g., administer your account, process your payments, fulfill your orders);
  2. Verify your identity;
  3. To improve the quality of the Services offered, through the performance of quality reviews and similar activities;
  4. To create De-Identified Information (e.g., aggregate statistics) relating to the use of the Services;
  5. To notify you when Site updates are available;
  6. To market and promote the Site and the Services to you (you can “opt out” of receiving direct marketing and/or market research inquiries by e-mailing us at support@portraitspa.com. Please note that even if you opt-out, we may still send you certain Site and Services related communications.);
  7. To fulfill any other purpose for which you provide us Personal Information; and
  8. For any other purpose for which you give us authorization or as otherwise required or permitted by law.

10. We also may disclose your Personal Information that we collect or that you provide (subject to applicable legal restrictions):

  1. To our subsidiaries and affiliates;
  2. To contractors, service providers, and other third parties we use to support our business and who are bound by contractual obligations to keep personal information confidential and to use it only for the purposes for which we disclose it to them;
  3. To third parties to whom you ask us to send such information. If applicable, any disclosures to your health plan will be in strict compliance with the limitations imposed on disclosures of PHI to group health plans under HIPAA.
  4. As required or permitted by law, which can include providing information as required by a regulation, subpoena, court order, legal process, or government inquiry;
  5. When we believe in good faith that disclosure is necessary to protect your safety or the safety of others, to protect our rights, to investigate fraud, or to respond to a government request;
  6. To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Medical Groups’ or Portrait Health, Inc.’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information maintained by the Site is among the assets transferred; and
  7. For any other purpose disclosed by us when you provide the Personal Information.

11. We will not sell or lease your Personal Information to any third party.

12. Information We Collect via Technology.

As you use the Site or the Services, certain information may be passively collected by Cookies, navigational data like Uniform Resource Locators (“URLs”) and third party tracking services, including:

  1. Site Activity Information. We may keep track of some of the actions you take on the Site, such as the content of searches you perform on the Site.
  2. Access Device and Browser Information. When you access the Site from a computer or other device, we may collect anonymous information from that device, such as your Internet protocol address, browser type, connection speed and access times (collectively, “Anonymous Information”).
  3. Cookies. We may use both session Cookies (which expire once you close your web browser) and persistent Cookies to make the Site and Service easier to use, to make our advertising better, and to protect both you and us. You can instruct your browser, by changing its options, to stop accepting Cookies or to prompt you before accepting a Cookie from the websites you visit. If you do not accept Cookies, however, you will not be able to stay logged in to the Site.
  4. Do Not Track (“DNT”) Signals. California law requires this Privacy Policy to address how we respond to any DNT signal delivered by your browser. You may set your browser to refuse these data collection methods, but our Site may not recognize or respond to DNT technologies employed by your browser. We do not alter its practices when it receives a “Do Not Track” signal from a visitor’s browser. You can enable or disable Do Not Track by vising the Preferences or Settings page of your web browser.
  5. Web Beacons. We may also occasionally use "web beacons" (also known as "clear gifs," "web bugs," "1-pixel gifs," etc.) that allow us to collect non Personal Information about your response to our email communications, and for other purposes. Web beacons are tiny images, placed on a web page or e-mail that can tell us if you have visited a particular area of the Site. For example, if you have given us permission to send you emails, we may send you an email urging you to use a certain feature of the Site. If you do respond to that email and use that feature, the web beacon will tell us that our email communication with you has been successful. Because web beacons are used in conjunction with persistent cookies (described above), if you set your browser to decline or deactivate cookies, web beacons cannot function.
  6. Real-Time Location. Certain features of the Site use GPS technology to collect real-time information about the location of your device so that the Site can connect you to a health care provider who is licensed or authorized to provide services in the state where you are located.
  7. Mobile Services. We may also collect non-Personal Information from your mobile device or computer. This information is generally used to help us deliver the most relevant information to you. Examples of information that may be collected and used include how you use the application(s) and information about the type of device or computer you use. In addition, in the event our application(s) crashes on your mobile device we will receive information about your mobile device model software version and device carrier, which allows us to identify and fix bugs and otherwise improve the performance of our application(s).
  8. Google Analytics. We use Google Analytics to help analyze how users use the Site. Google Analytics uses Cookies to collect information such as how often users visit the Site, what pages they visit, and what other sites they used prior to coming to the Site. We use the information we get from Google Analytics only to improve our Site and Services. Google Analytics collects only the IP address assigned to you on the date you visit the Site, rather than your name or other personally identifying information. Although Google Analytics plants a persistent Cookie on your web browser to identify you as a unique user the next time you visit the Site, the Cookie cannot be used by anyone but Google. Google’s ability to use and share information collected by Google Analytics about your visits to the Site is restricted by the Google Analytics Terms of Use and the Google Privacy Policy. You can prevent Google Analytics from recognizing you on return visits to this Site by disabling cookies on your browser.

13. De-Identified Information

We may use De-Identified Information created by us without restriction.

14. Information You Share with Third Parties.

This Privacy Policy applies only to information we collect through the Site and in email, text and other electronic communications set through or in connection with the Site. If you disclose information to others, including, for example, a partner providing goods and services, different rules may apply to their use or disclosure of the information you disclose to them. The use and disclosure restrictions contained in this Privacy Policy will not apply to any third party. We do not control the privacy policies of third parties, and you are subject to the privacy policies of those third parties where applicable. When you click on links on the Site you may leave our site. We are not responsible for the privacy practices of other websites, and we encourage you to read their respective site privacy policies.

15. Modification of Information.

We will not verify, modify or otherwise alter any Member Personal Information without the consent of the applicable Member, however, we may correct any internal errors or modify any immaterial information at any time. Members will be able to update some of their information through the Site. Requests to modify any information may also be submitted directly to support@portraitspa.com.

16. Deletion of Information.

You may close your account online and request deletion of your Personal Information, but please note that we may be required (by law or otherwise) to keep this information and not to delete it (or to keep this information for a certain time, in which case we will comply with your deletion request only after we have fulfilled such requirements). When we delete Personal Information, it will be deleted from the active database, but may remain in our archives and we may also retain anonymous information about your use of the Services. Once we disclose some of your Personal Information to third parties, we may not be able to access that Personal Information any longer and cannot force the deletion or modification of any such information by the parties to whom we have made those disclosures. After we delete Personal Information, we will retain De- Identified Data and will continue to use De-Identified Data as permitted under this Privacy Policy.

17. Steps We Take to Keep Your Personal Information Secure.

We employ reasonable physical, electronic, and managerial security methods to help protect against unauthorized access to Personal Information, consistent with applicable law. We provide secure transmission of your Personal Information from your PC or mobile device to our servers and/or our Site. Personal Information collected by our Site is stored in secure operation environments that are not available to the public. Further, we use a password and authentication system that is user specific to ensure that users can only see the specific information to which they have been granted access. We also have policies, procedures, and controls to reduce the risk of unauthorized or accidental use, disclosure, or destruction of your Personal Information, and we train our employees on data security. Please be aware, however, that no data transmission via the Internet or a data storage facility is guaranteed to be perfectly secure. As a result, while we try to protect your Personal Information, we cannot ensure or guarantee the security of any information you transmit to us, and you do so at your own risk. There is no guarantee that information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. As with all electronic communications there are potential risks such as failures of hardware, software, and/or internet connections. We are not responsible for failures, distortions, delays, or other problems resulting from equipment configuration, connection, signal power, hardware, software, or any equipment used to access the internet. We do not guarantee that the confidentiality or security of any electronic transmissions via the internet can be assured, due to potentially unsecure computers or links, which could result in your information becoming lost or intercepted during transmission. It is your responsibility to protect the security of your login information and to use good judgment before deciding to send information via the internet.

18. Third Party Sites.

The Site may contain links to other websites. We do not share your Personal Information with those third party sites, unless specifically authorized by you. We are not responsible for the privacy policies and practices of any third party site that may be linked to our Site and not wholly owned and controlled by Portrait Health, Inc. or its Affiliates. We aim to work with trusted partners and organizations which are bound by the same state and federal laws governing information privacy and security; however, we encourage you to be aware when you leave our Site and to review any privacy policy of a non-Portrait Health, Inc. website.

19. E-mail.

Transmittal of e-mails to this Site should not be considered to be private. Email transmissions should be considered to be at risk of becoming known or accessible to third parties. If you provide confidential information about you or your health to us via electronic communication, it is at your own risk. If you wish to correspond with us about your health via email, you will need to complete and return a Patient Consent to Allow Email Correspondence to us.

20. Updating Your Information.

If your information needs to be updated, corrected or deleted, please notify us. Your personal information can only be deleted in accordance without our data retention policy, and as permitted by law.

21. Access from Outside the United States.

Services are offered only within the United States, and the Site is only intended to be used by individuals in the United States. If you are visiting the Site from outside the United States of America, your information will be transferred to, stored, and processed in the United States. The privacy laws of the United States may not be as protective as those in your jurisdiction. By visiting the Site, you consent to the transfer of your information to the United States and the use and disclosure of your information as described in this Privacy Policy.

22. Social Media Features.

Our Site may include Social Media Features, such as the Facebook Like button and Widgets, such as the Share Button or interactive mini- programs that may run on our Site. These features may collect your IP address, which page you are visiting on our sites, and may set a cookie to enable the feature to function properly. Social Media Features and Widgets are either hosted by a third party or hosted directly on our Site. This Privacy Policy does not apply to these features. Your interactions with these features are governed by the privacy policy and other policies of the companies providing them.

23. Acceptance of Policy.

By using this Site, you signify and agree to the foregoing provisions and that you accept this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our Site. Your continued use of the Site following the posting of changes to this policy will be deemed your acceptance of those changes.

24. Report Violations.

You should report any security violations to us by sending an e-mail to support@portraitspa.com.

25. Questions.

If you have any questions or concerns about this Privacy Policy, please contact us at support@portraitspa.com.