Effective Date: October 1, 2025
1. Introduction
Vitality Family Chiropractic, LLC (“we,” “our,” or “us”) values your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website, use our online services, or communicate with us through SMS, email, or other channels.
We are a Texas limited liability company with business operations in Texas and Florida. We comply with applicable federal and state privacy laws, including the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Texas Medical Records Privacy Act, and the Florida Information Protection Act, as well as the General Data Protection Regulation (GDPR) for individuals located in the European Economic Area (EEA).
2. Information We Collect
We collect the following categories of information:
2.1 Personal and Health Information
If you are a patient, we may collect and maintain your Protected Health Information (PHI) as defined by HIPAA, including but not limited to:
- Name, address, date of birth, and contact details
- Medical history, treatment information, and insurance details
- Payment and billing information
2.2 Website and Communication Information
When you visit our website or contact us electronically, we may collect:
- IP address, browser type, and device identifiers
- Contact information voluntarily submitted (e.g., through forms)
- SMS communications under our 10DLC messaging program
We do not knowingly collect information from individuals under 13 years of age without parental consent, consistent with the Children’s Online Privacy Protection Act (COPPA).
3. How We Use Information
We use collected information solely for legitimate business and healthcare purposes, including:
- Providing chiropractic and wellness services
- Scheduling appointments and sending reminders
- Processing billing and insurance claims
- Complying with legal and regulatory obligations
- Communicating through authorized SMS and email channels
- Improving our website and patient experience
4. HIPAA Compliance
We adhere to all HIPAA Privacy, Security, and Breach Notification Rules. Your PHI is used and disclosed only as permitted under HIPAA, such as:
- For treatment, payment, and healthcare operations
- With your written authorization for other uses
- As required by law or public health reporting
We maintain appropriate administrative, technical, and physical safeguards to protect your health information.
5. 10DLC SMS Compliance
Our SMS communications comply with 10DLC (10-Digit Long Code) messaging standards as set forth by U.S. mobile carriers and the CTIA. By providing your mobile number, you consent to receive appointment reminders or health-related messages from us.
You may opt out at any time by replying STOP to any message. Message and data rates may apply. Your phone number will not be shared, sold, or used for unrelated marketing purposes.
6. Data Sharing and Disclosure
We do not sell, rent, or share personal or health information with third parties for marketing or commercial purposes.
We may disclose data only:
- To service providers performing authorized functions under Business Associate Agreements (BAAs)
- When required by law, court order, or government authority
- To prevent or respond to fraud, security incidents, or threats to public safety
All third parties handling PHI or personal data must comply with HIPAA and GDPR confidentiality obligations.
7. Data Retention and Security
We retain personal and health information for as long as necessary to fulfill the purposes described in this policy or as required by applicable law. We implement appropriate technical and organizational measures to protect data against unauthorized access, alteration, disclosure, or destruction.
8. GDPR Notice for EEA Residents
If you are located in the European Economic Area, you have the following rights under the GDPR:
- Right of access: Obtain a copy of your personal data
- Right to rectification: Correct inaccuracies in your information
- Right to erasure (“Right to be forgotten”): Request deletion where permitted by law
- Right to restriction and objection: Limit or object to processing
- Right to data portability: Receive your data in a structured, commonly used format
The lawful bases for processing under the GDPR include:
- Performance of a contract (e.g., healthcare services)
- Compliance with legal obligations
- Legitimate interests in providing quality healthcare and operations
- Consent where required (e.g., marketing communications)
Requests under GDPR may be submitted via the contact details below.
9. Cookies and Tracking Technologies
We use cookies and similar technologies for website analytics, functionality, and security purposes. You can manage or disable cookies through your browser settings, though doing so may affect website functionality.
10. Data Transfers
Personal information may be processed or stored in the United States. If you access our services from outside the U.S., you consent to the transfer and processing of your data under U.S. privacy laws, which may differ from those in your jurisdiction.
11. Your Choices and Rights
You may:
- Request a copy or correction of your records
- Withdraw consent where applicable
- Opt out of non-essential communications
To exercise your rights, contact us as outlined below. We will verify your identity before processing any request.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect legal or operational changes. Updates will be posted on this page with a revised “Effective Date.”
13. Contact Information
Vitality Family Chiropractic, LLC
Attn: Privacy Officer
3012 Barron Road Suite 300
College Station, Texas 77845
Email: [email protected]
Phone: +1 979 703 7977
If you believe your privacy rights have been violated, you may file a complaint with us or directly with the U.S. Department of Health and Human Services, Office for Civil Rights.