PRIVACY POLICY

Perfect Body Laser & Aesthetics®

No Needles, Cutting, Downtime®

1150 Sunrise Highway, Bay Shore, NY 11706  |  888-376-9029  |  perfectbodylaser.com

Effective Date: January 1, 2024

Last Updated: January 1, 2024

 

1. Introduction

Perfect Body Laser & Aesthetics® (referred to in this policy as “Perfect Body Laser,” “we,” “us,” or “our”) respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy explains what information we collect, how we collect it, how we use and share it, and the rights and choices you have regarding your information.

This Privacy Policy applies to information we collect through our website at perfectbodylaser.com and any related subdomains, our online forms and chat features, our text message and email communications, our telephone interactions with you, and the in-person interactions you have with our staff at our Bay Shore, New York location (collectively, our “Services”).

By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our Services.

Important note about scope. Perfect Body Laser & Aesthetics® is a non-surgical aesthetic and laser center. We are not a HIPAA-covered entity in the traditional clinical sense. However, we voluntarily handle the personal and treatment-related information you share with us with a high standard of confidentiality and security, consistent with industry best practices and applicable law.

2. Information We Collect

We collect several categories of information from and about you. The specific information we collect depends on how you interact with our Services.

2.1 Information You Provide Directly

When you complete a form, request a free evaluation and customized treatment plan, communicate with us, or visit our location, you may provide:

  • Identifiers such as your full name, email address, mailing address, telephone number, and date of birth.
  • Demographic information such as age range, gender, and language preference.
  • Health and treatment-related information, including health history relevant to treatment safety, contraindications, allergies, current medications, prior aesthetic services, and the goals or concerns you wish to address.
  • Body measurements and weight, collected during in-person evaluation.
  • Photographs taken for clinical documentation, treatment planning, and progress tracking.
  • Payment and financial information, including credit or debit card details, billing address, and financing application information when you elect to enroll in a treatment plan. Payment card data is processed by our third-party payment processors and is not retained on our systems beyond what is required for transaction confirmation and recordkeeping.
  • Communications you send to us, including the content of emails, text messages, chat conversations, voicemails, social media messages, and post-treatment evaluation forms.
  • Marketing preferences and consents, including your opt-in choices for email, SMS, and other communications.

2.2 Information We Collect Automatically

When you visit our website, use our online forms, or interact with our digital communications, we and our service providers automatically collect:

  • Internet Protocol (IP) address.
  • Browser type and version, operating system, and device type (desktop, mobile, tablet).
  • Referring website or source, including the search terms or advertisement that brought you to our site.
  • Pages viewed, time spent on each page, scroll depth, click events, form interactions, and the order in which you navigate our site.
  • General geographic location derived from your IP address (typically at the city or region level).
  • Date and time of your visit and session duration.
  • Session recordings and behavioral analytics, as further described in Section 7.
  • Information collected through cookies, pixels, tags, and similar technologies, as described in Section 6.

2.3 Information from Third Parties

We may receive information about you from third parties, including:

  • Advertising platforms that provide us with conversion data, audience insights, and information about ads you have engaged with.
  • Lead generation partners and review platforms, when you submit your information to a third party that shares it with us.
  • Service providers who perform services on our behalf, such as call tracking, scheduling, customer relationship management (CRM), and marketing automation.
  • Publicly available sources.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • To respond to your inquiries and schedule your free evaluation and customized treatment plan consultation.
  • To provide our aesthetic and laser services, including conducting safety screenings, reviewing contraindications, planning customized treatment protocols, and documenting treatment progress.
  • To process payments, financing applications, and refunds.
  • To send appointment confirmations, reminders, follow-up communications, and post-treatment evaluation requests.
  • To send marketing communications about our services, promotions, and events, where you have provided the appropriate consent.
  • To personalize your experience on our website and tailor the content we show you.
  • To improve our website, services, and customer experience through analytics, session review, and research.
  • To detect, prevent, and respond to fraud, security incidents, harassment, abuse, defamation, and other unlawful or harmful activity.
  • To establish, exercise, or defend legal claims, including responding to subpoenas, court orders, and other legal process.
  • To comply with applicable laws, regulations, and professional standards.
  • For any other purpose disclosed to you at the point of collection or with your consent.

4. Legal Bases for Processing

Where required by applicable law (including for visitors located in the European Economic Area, the United Kingdom, or other jurisdictions with comparable laws), we process your personal information on the following legal bases:

  • Performance of a contract, when processing is necessary to provide the services you have requested.
  • Legitimate interests, including operating our business, improving our services, securing our website, preventing fraud and abuse, and conducting direct marketing where permitted.
  • Consent, which you may withdraw at any time, for activities such as sending you marketing emails, sending you text messages, using non-essential cookies, and processing sensitive information beyond what is necessary for safety screening.
  • Compliance with a legal obligation.
  • Establishment, exercise, or defense of legal claims.

5. Cookies and Similar Technologies

We use cookies and similar tracking technologies (such as pixels, tags, web beacons, local storage, and software development kits) to collect information about your interaction with our website. The categories below describe how we use these technologies.

5.1 Strictly Necessary

These technologies are essential for the website to function and cannot be switched off. They include cookies that maintain your session, remember your preferences, secure form submissions, and protect against fraudulent activity. Without these, parts of the site will not work.

5.2 Analytics and Performance

These technologies help us understand how visitors use our website so we can improve it. They collect information such as pages visited, time spent, scroll behavior, click patterns, and technical errors. We use providers including Google Analytics 4 and Microsoft Clarity for this purpose. The information collected is generally aggregated, but in some cases (such as session recordings) it can be linked to a specific session or device.

5.3 Advertising and Marketing

These technologies help us deliver relevant advertising on our website and on other websites and platforms you visit. They include pixels, tags, and similar technologies from advertising partners. They allow us to measure the effectiveness of our advertising, build audiences of users with similar characteristics, and show you ads that may be of interest based on your prior interactions with our brand.

5.4 Functional

These technologies enable enhanced functionality and personalization, such as remembering your language preference, pre-filling forms, and providing live chat or text-based engagement.

5.5 Managing Cookies

You can manage your cookie preferences through the cookie consent banner on our website. You can also configure your browser to block or delete cookies, but doing so may affect your ability to use certain features. For information about opting out of interest-based advertising, you can visit:

  • Network Advertising Initiative: optout.networkadvertising.org
  • Digital Advertising Alliance: optout.aboutads.info
  • European Interactive Digital Advertising Alliance: youronlinechoices.eu

6. Session Recording, Heatmaps, and Behavioral Analytics

We use tools to better understand how visitors interact with our website. These tools record session activity such as mouse movement, clicks, scrolls, taps, and the pages you view. They also generate heatmaps that show, in aggregate, where visitors click and how far they scroll on our pages.

Session recordings are stored on the third-party provider’s servers and used solely for the purpose of analyzing and improving our website experience. Form fields containing sensitive information, such as payment card numbers and password fields, are masked and not captured in recordings.

By using our website, you understand that session activity may be recorded. You can find Microsoft’s privacy practices at privacy.microsoft.com. To opt out of Microsoft Clarity tracking, you can use the cookie consent banner on our website or configure your browser to block analytics cookies.

7. Photographic Documentation

Photographic documentation is a standard part of our consultation and treatment process and is captured during your in-person visits. Photos are stored in our clinical photography system with restricted access limited to authorized staff. We do not use your photographs for marketing, social media, advertising, or any external publication unless you provide separate, specific, written consent on a release form. 

In states that classify certain photographic data as biometric information (such as Illinois under the Biometric Information Privacy Act), we do not collect, capture, or store any biometric identifiers as defined under those laws beyond standard photographs used for treatment documentation purposes.

8. SMS and Text Messaging Program

When you provide your mobile number and opt in to receive text messages from Perfect Body Laser & Aesthetics® (whether through a form on our website, a verbal request, a written intake form, or by texting us first), you consent to receive text messages from us, which may be sent using an automated system. The terms below apply to our SMS program.

Program description. Our SMS program is used to respond to inquiries, schedule and confirm appointments, share appointment reminders, deliver follow-up communications, send promotional offers and updates about our services, and provide customer support.

Message frequency. Message frequency varies depending on your engagement with us. You may receive multiple messages per week.

Message and data rates. Message and data rates may apply, depending on your mobile plan and carrier.

Opt-in. You consent to receive text messages from us when you provide your mobile number and affirmatively agree to receive texts. Consent is not a condition of purchase or of receiving services.

Opt-out. You can stop receiving text messages from us at any time by replying STOP to any message you receive. After you reply STOP, you will receive one final confirmation message and no further messages will be sent. You can re-subscribe at any time by texting us again or by contacting us.

Help. For help with our SMS program, reply HELP to any message you receive, or contact us at [email protected].

Carrier disclaimer. Wireless carriers, including AT&T, T-Mobile, Verizon, U.S. Cellular, and others, are not liable for delayed or undelivered messages.

Sharing of mobile information. We do not share, sell, rent, or otherwise transfer your mobile phone number or SMS opt-in data to third parties or affiliates for their own marketing purposes. We share mobile information only with service providers that help us operate our SMS program (such as our messaging platform), and only as necessary to deliver the services you have requested.

9. Telephone Calls and Call Recording

Telephone calls to and from our toll-free, tracking, and main line numbers may be recorded and monitored for quality assurance, training, scheduling, and recordkeeping purposes. By placing a call to us or accepting a call from us, you consent to the recording of that call. Where required by applicable law, you will be notified at the start of the call that the call may be recorded.

Call recordings, transcripts, and metadata (such as the time, duration, and origin of the call) may be stored by our telephone service providers and used internally to improve our services, resolve disputes, prevent fraud, and respond to legal process.

10. Email Communications

We send transactional emails (such as appointment confirmations and reminders) to anyone who provides an email address in connection with our services. We send promotional emails only to individuals who have provided the appropriate consent under applicable law, including the federal CAN-SPAM Act.

Every promotional email we send includes a clear unsubscribe link. You can also unsubscribe at any time by replying to any of our emails or by contacting us at [email protected].

11. Online Advertising and Cross-Site Tracking

We engage in online advertising, including search advertising, social media advertising, display advertising, and retargeting. To support these efforts, our advertising partners may set cookies and similar technologies on our website that collect information about your interactions with our site and other sites. This information is used to measure ad performance, identify audiences, and deliver ads that may be of interest to you.

Our advertising partners include, among others. These partners have their own privacy policies, which govern their use of the information they collect.

You can manage your interest-based advertising preferences through the resources listed in Section 5.5, through your device or browser settings, or through the privacy controls offered by individual advertising platforms.

12. How We Share Your Information

We do not sell your personal information for money. We share information only as described below.

12.1 Service Providers

We share information with third-party service providers who perform services on our behalf and are contractually obligated to protect your information and use it only for the purposes we direct. These categories include:

  • Customer relationship management and marketing automation platforms.
  • Communications platforms for SMS, voice, email, and chat.
  • Appointment scheduling and calendar systems.
  • Electronic contract, consent form, and document management systems.
  • Clinical photography and image management systems.
  • Payment processors and financing partners.
  • Website hosting, analytics, session recording, and security providers.
  • Advertising partners and analytics platforms.
  • Professional advisors, including attorneys, accountants, insurers, and consultants.

12.2 Third-Party Service Providers

The principal third-party service providers we currently use, or may use, change from time to time as we update our technology stack.

  • (CRM, marketing automation, scheduling, SMS, and voice).
  • (SMS, voice, and telephone number provisioning).
  • (Workspace, Analytics, Ads, Calendar).
  • (Platform advertising and pixels).
  • (Session analytics).
  • PandaDoc (Electronic Contracts and Consent forms).
  • (Appointment scheduling for clients).
  • (Clinical photography and image management).
  • (Workflow automation between platforms).
  • (Payment processors and financing partners and similar providers, where applicable).
  • (Website security and analytics tools and plugins).

12.3 Legal and Safety Disclosures

We may disclose information when we believe in good faith that disclosure is necessary to:

  • Comply with applicable law, regulation, legal process, subpoena, court order, or governmental request.
  • Enforce our terms, policies, agreements, and contracts.
  • Investigate, prevent, or respond to suspected fraud, harassment, defamation, threats, security incidents, or violations of law.
  • Protect the rights, property, safety, and reputation of Perfect Body Laser & Aesthetics®, our staff, our clients, and the public.

12.4 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, sale of assets, bankruptcy, or similar transaction, your information may be transferred as part of that transaction. We will notify you of any such transfer to the extent required by law.

12.5 With Your Consent

We may share your information for any other purpose with your consent.

12.6 Aggregated and De-Identified Information

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you for any purpose, including business analytics, research, and marketing.

13. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with our legal and recordkeeping obligations, resolve disputes, prevent fraud and abuse, and enforce our agreements. Specific retention periods include:

  • Marketing data, including email and SMS opt-in records: retained until you opt out or otherwise request deletion, subject to applicable recordkeeping requirements.
  • Website analytics, session recordings, and behavioral data: retained for up to 72 months by default, or as configured by the relevant analytics provider.
  • Call recordings: retained for the period necessary for quality assurance and dispute resolution, typically up to 72 months.
  • General inquiry and lead records: retained for up to 72 months from the last point of contact, after which they are anonymized or deleted.

14. How We Protect Your Information

We implement reasonable administrative, technical, and physical safeguards designed to protect the personal information in our possession against unauthorized access, alteration, disclosure, or destruction. These safeguards are consistent with the New York Stop Hacks and Improve Electronic Data Security Act (the “SHIELD Act”) and other applicable security laws. Our practices include:

  • Encryption in transit for information transmitted through our website and electronic communications.
  • Access controls limiting personal information to staff who need it to perform their job duties.
  • Staff training on confidentiality, data protection, and information security.
  • Vendor due diligence and contractual data protection obligations with our service providers.
  • Logging, monitoring, and security plugins designed to detect and respond to unauthorized activity.
  • Periodic review and updating of our security program.

No system is completely secure. While we work to protect your information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk.

15. Data Breach Notification

In the event of a data breach affecting your personal information, we will notify you and, where applicable, regulators in the manner and within the timeframes required by applicable law, including the New York SHIELD Act, the New York Information Security Breach and Notification Act, and other state and federal data breach laws.

16. Your Privacy Rights

Depending on where you live and the nature of your interaction with us, you may have the following rights regarding your personal information. We honor these rights regardless of where you live, to the extent reasonably possible.

  • Right to know and access: You may request confirmation of whether we process personal information about you and request a copy of that information.
  • Right to correct: You may request that we correct inaccurate personal information about you.
  • Right to delete: You may request that we delete personal information we hold about you, subject to exceptions permitted by law (such as our need to retain treatment, financial, and legal records).
  • Right to data portability: You may request that we provide your personal information in a portable, machine-readable format.
  • Right to opt out of sale or sharing: We do not sell personal information for money. To the extent that any sharing of personal information for cross-context behavioral advertising constitutes “sharing” or “selling” under applicable law, you have the right to opt out.
  • Right to opt out of targeted advertising: You may opt out of the use of your personal information for targeted advertising.
  • Right to limit use of sensitive personal information: You may request that we limit our use and disclosure of sensitive personal information to what is necessary to provide our services.
  • Right to non-discrimination: We will not discriminate against you for exercising your privacy rights.
  • Right to appeal: If we deny your request, you may appeal our decision by contacting us at [email protected].

How to exercise your rights. You can submit a privacy rights request by emailing by mailing a written request to the address in Section 22. We will need to verify your identity before responding to your request, which may include asking you to confirm information we already have on file. You may also designate an authorized agent to submit a request on your behalf, subject to our verification of the agent’s authority.

Response timeframe. We will respond to verifiable requests within the timeframes required by applicable law, generally within sixty (60) days, with the possibility of one extension where reasonably necessary.

17. Notice to California Residents

This section provides additional information for California residents under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the “CCPA”).

17.1 Categories of Personal Information Collected

In the past twelve (12) months, we have collected the following categories of personal information from California residents:

  • Identifiers (name, email, phone, mailing address, IP address, online identifiers).
  • Categories listed in Cal. Civ. Code 1798.80(e) (name, address, telephone, financial information).
  • Protected characteristics (age, gender) where voluntarily provided.
  • Commercial information (services purchased, considered, or inquired about).
  • Internet and electronic network activity (browsing history on our site, interaction with our content and advertising).
  • Geolocation data (general location derived from IP address).
  • Audio and visual information (call recordings, photographs taken in connection with services, session recordings).
  • Sensitive personal information (health information you provide for treatment safety screening, financial information for payment).
  • Inferences drawn from the above (for example, your interest in particular services).

17.2 Sources, Purposes, and Disclosures

The sources, business purposes, and categories of recipients are described throughout this policy, including in Sections 2, 3, and 12. We disclose each of the categories above to the categories of service providers and third parties listed in Section 12.

17.3 Sale or Sharing of Personal Information

We do not sell personal information in exchange for money. To the extent the use of advertising cookies, pixels, and similar technologies constitutes “sharing” of personal information for cross-context behavioral advertising under the CCPA, you have the right to opt out. You can do so through our cookie consent banner, by enabling Global Privacy Control in your browser (which we honor as a valid opt-out signal), or by mailing a written request to the address in Section 22.

17.4 Sensitive Personal Information

We use sensitive personal information (such as health and financial information) only for the purposes of providing our services, ensuring your safety, processing payments, complying with the law, and the other purposes permitted under CCPA Section 7027(m). We do not use sensitive personal information for the purpose of inferring characteristics about you.

17.5 Shine the Light

California residents may request, once per year, a list of the categories of personal information we have shared with third parties for those parties’ direct marketing purposes during the prior calendar year. To make such a request, contact [email protected].

18. Notice to Residents of Other U.S. States

Residents of states with comprehensive consumer privacy laws, including but not limited to Virginia, Colorado, Connecticut, Utah, Texas, Florida, Oregon, Montana, Iowa, Tennessee, Indiana, Delaware, New Hampshire, New Jersey, Maryland, Minnesota, and Rhode Island, may have rights similar to those described in Section 16. To exercise these rights, please contact [email protected] or use the contact methods in Section 22. We honor verifiable requests in accordance with the law of your state.

19. Notice to EU, EEA, UK, and Swiss Visitors

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (the “GDPR”), the UK GDPR, or comparable laws. These include the rights described in Section 16, as well as:

  • The right to object to processing based on our legitimate interests.
  • The right to restrict processing in certain circumstances.
  • The right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
  • The right to lodge a complaint with your local data protection supervisory authority.

We are based in the United States, and information you provide will be transferred to, processed, and stored in the United States. Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses) for international transfers.

20. Children’s Privacy

Our Services are not directed to children under the age of thirteen (13), and we do not knowingly collect personal information from children under thirteen. We do not provide services to minors without the involvement and consent of a parent or legal guardian. If you believe we have inadvertently collected personal information from a child under thirteen, please contact us at [email protected] so that we can take appropriate action.

21. Do Not Track and Global Privacy Control

Our website does not respond to “Do Not Track” (DNT) signals from browsers, because there is no consistent industry standard for how to interpret them. We do honor the Global Privacy Control (GPC) signal as a valid opt-out of “sharing” of personal information for cross-context behavioral advertising under the CCPA and similar laws. When we detect a GPC signal from your browser, we will treat it as a request to opt out of sharing for that browser and device.

22. Third-Party Websites and Services

Our website may contain links to third-party websites, services, and platforms (including social media sites such as Facebook, Instagram, YouTube, and TikTok, as well as financing partners and review platforms). These third parties operate independently of us and have their own privacy practices. We are not responsible for the privacy practices or content of any third-party site or service. We encourage you to review the privacy policies of any third party before providing your information.

23. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, services, or legal requirements. When we make changes, we will revise the “Last Updated” date at the top of this policy. If the changes are material, we will provide additional notice by posting a prominent notice on our website, or by emailing or texting you (where we have your contact information and the appropriate consent).

Your continued use of our Services after the effective date of an updated Privacy Policy constitutes your acknowledgment of the updated terms, to the extent permitted by applicable law.

24. How to Contact Us

If you have questions, comments, or requests regarding this Privacy Policy or our privacy practices, please contact us using the method below.

By Mail:

Perfect Body Laser & Aesthetics®

Attn: Privacy Officer

1150 Sunrise Highway

Bay Shore, NY 11706

United States

 

Copyright & Trademark Notice: All content on this page, including text, graphics, photos, videos, logos, slogans, and trademarks (including Perfect Body Laser®, Perfect Body Laser & Aesthetics®, and No Needles, Cutting, Downtime®), is the exclusive legal property of Perfect Body Laser & Aesthetics® and is protected under U.S. and international copyright and trademark laws. Any unauthorized use, reproduction, distribution, or display, in whole or in part, is strictly prohibited under federal law and will be pursued to the fullest extent of the law. © 2007 to present, Perfect Body Laser & Aesthetics®. All Rights Reserved.