When you book treatments or consultations, we collect personal information including your name, date of birth, phone number, email address, postal address, and appointment details. For medical spa services, we also collect health-related information necessary for the safe administration of your treatment — including medical history, current medications, allergies, prior procedures, and skin or wellness concerns. This information forms part of your medical record, which is the physical property of LenoyMed but contains information that belongs to you. Your medical record serves as a basis for planning your care, a means of communication among the professionals involved in your treatment, a legal document of the care you received, a means by which you or any payer can verify services billed, and a tool we use to continually improve the quality of care we provide.
LenoyMed uses your Protected Health Information (“PHI”) without requiring separate authorization for the following purposes permitted by HIPAA: Treatment — information obtained by a nurse, physician, aesthetician, or other member of your care team is recorded in your record and used to plan and deliver your care, with their actions, observations, and assessments noted so that your providers know how you are responding to treatment; Payment — a bill for services will be sent to you and, where applicable, to a third-party payer such as your insurance carrier, and the information on a bill may include identifying information, diagnoses, procedures performed, and supplies used; Health Care Operations — we use your health information for quality assessment and improvement, staff training, credentialing, audits, accreditation, and other regular business activities necessary to operate the practice; and Appointment reminders and health-related communications — we may contact you to provide appointment reminders or information about treatment alternatives or other health-related services that may be of interest to you. We do not use PHI for marketing purposes without your separate written authorization.
LenoyMed may also use or disclose your PHI without your separate authorization in the following limited circumstances, only as permitted or required by law: to Business Associates such as our electronic health records platform, IT and cloud-service providers, billing services, and document destruction services, each under a written agreement that requires them to safeguard your information in the same manner we do; for Public Health and Safety, including disease reporting, adverse-event reporting, product recalls, reports of suspected abuse or neglect, or to avert a serious threat to health or safety; for Health Oversight activities such as audits, investigations, inspections, and licensure; in response to court orders, subpoenas, warrants, or similar lawful process; to law enforcement only where permitted by law; to coroners, medical examiners, and funeral directors as authorized; for workers’ compensation purposes, to the extent required by law; for research purposes only as permitted by HIPAA after appropriate review; and for communications with family or others involved in your care or payment for your care, unless you object.
Other uses and disclosures of your PHI will be made only with your written authorization, which you may revoke in writing at any time (except to the extent we have already acted on it). The following uses always require your authorization: most uses or disclosures of psychotherapy notes, where applicable; use or disclosure of PHI for marketing purposes; any sale of PHI; and use of your photographs or before/after images for promotional, educational, or marketing purposes outside your treatment record.
Certain categories of information — including HIV/AIDS-related information, genetic information, mental health records, and alcohol or substance-use treatment records — have additional confidentiality protections under New Jersey and federal law. We will obtain your specific written authorization before using or disclosing such information where the law requires it.
LenoyMed maintains administrative, technical, and physical safeguards designed to protect your PHI against unauthorized access, alteration, disclosure, or destruction. Access is limited to authorized personnel and Business Associates with a legitimate need to know. We comply with applicable federal and New Jersey healthcare privacy regulations, and we will notify you if a breach occurs that may have compromised the privacy or security of your PHI.
Although your medical record is the physical property of LenoyMed, the information in it belongs to you. Under HIPAA and applicable New Jersey law, you have the right to: inspect and obtain a copy of your medical record in paper or electronic form (usually within 30 days of a written request; a reasonable, cost-based fee may apply); request an amendment (correction) to your record if you believe information is inaccurate or incomplete; receive an accounting of disclosures of your PHI for up to six years before your request, excluding disclosures for Treatment, Payment, Health Care Operations, and certain other categories; request a restriction on certain uses or disclosures of your PHI (we are not required to agree to every request, but we will tell you if we cannot); restrict disclosure to your health plan for services you pay for in full out-of-pocket; request confidential communications by alternative means or at an alternative location; revoke a prior authorization, except to the extent we have already acted on it; obtain a paper copy of this Notice upon request; and be notified of a breach of unsecured PHI. Requests must be submitted in writing to our Privacy Officer (see Item 9) and may be subject to identity verification.
LenoyMed is required by law to maintain the privacy and security of your PHI; to provide you with this Notice of our legal duties and privacy practices; to abide by the terms of the Notice currently in effect; to notify you if we cannot agree to a requested restriction; to accommodate reasonable requests for confidential communications; and to notify you of a breach of unsecured PHI. We reserve the right to change the terms of this Notice and to make new terms effective for all PHI we maintain. A current copy of the Notice will be posted on our website, and you may request a paper copy at any time.
If you believe your privacy rights have been violated, you may file a complaint with LenoyMed by contacting our Privacy Officer at privacy@lenoymed.com or at the practice mailing address listed on our website. You may also file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights at 1-877-696-6775 or hhs.gov/hipaa/filing-a-complaint. We will not retaliate against you for filing a complaint. LenoyMed may update this Privacy Policy from time to time; the “Last Updated” date above will reflect the most recent revision, and material changes will be communicated as required by law.
When you purchase retail products through our website, we collect billing details, shipping address, payment information, items purchased, and order history. Payment processing is handled securely through PCI-DSS-compliant third-party processors. We do not store full credit-card numbers on our own systems.
We use customer data to process orders, manage shipping, provide customer support, prevent fraud, and comply with legal and tax obligations. We may send order confirmations, shipping updates, payment receipts, and other transactional messages related to your purchase. Transactional messages are sent regardless of your marketing preferences.
Our website uses cookies, pixels, and similar technologies to recognize your device, remember your preferences, analyze traffic, measure marketing performance, and enhance security. We may also use third-party analytics and advertising tools (such as Google Analytics and Meta Pixel) that set their own cookies and collect website-usage data. You can manage cookies through your browser settings and opt out of certain advertising cookies through industry tools. Disabling cookies may limit some website features.
We may share data with payment processors, shipping carriers, IT and cloud-service providers, and legal authorities when required by law. We do not sell customer data.
We maintain administrative, technical, and physical safeguards to protect your e-commerce information. We retain order and billing records for as long as needed to provide services, comply with legal and tax obligations, resolve disputes, and enforce our agreements. Retention periods for medical records are governed by applicable New Jersey law.
Our website and services are not directed to children under 13, and we do not knowingly collect personal information from them. If you believe a child has provided personal information to us, please contact us so we can delete it. Our website may also link to third-party sites; we are not responsible for their privacy practices, and we encourage you to review their policies before sharing information with them.
You may opt in to receive promotional emails, SMS messages, or postal mail from LenoyMed. Marketing communications are sent only with your consent. You may unsubscribe at any time using the link provided in any marketing email, by replying STOP to any marketing SMS, or by contacting our Privacy Officer. Opting out of marketing does not affect transactional messages such as appointment reminders, order confirmations, or membership notices.
Information collected during promotional campaigns, contests, or giveaways is used solely to administer the promotion and contact winners, unless you provide additional consent for further use.
Consistent with HIPAA and the Service section above, we will not use Protected Health Information for marketing purposes without your separate written authorization. This includes any use of your photographs or before/after images outside your treatment record.
When you enroll in a LenoyMed membership, subscription, or rewards program, we store the recurring-billing schedule, the services included in your program, your treatment and usage history within the program, and your points or credit balance — as necessary to administer the program.
Payment details for subscriptions and memberships are processed securely through PCI-DSS-compliant third-party providers. LenoyMed does not directly store sensitive payment credentials such as full card numbers.
We may track your points, benefits usage, and membership status to provide accurate program benefits. Program-related communications (renewal reminders, balance updates, eligibility notices) are transactional in nature and will continue while you remain enrolled, regardless of your marketing preferences.
If you cancel your membership or subscription, we will retain your membership and transaction records as needed to comply with tax, accounting, and legal obligations, and to resolve any disputes. Retention periods for medical records are governed by applicable New Jersey law.