SUR MedSpa Privacy Policy

Last updated January 25, 2025

1. Introduction

This Privacy Policy of SUR MedSpa (referred to as the “Company”, “we”, “our” or “us”) outlines how your personally identifiable information and other personal data will be collected, used, and shared in connection with your access to and/or use of our services through the SUR MedSpa Platform (as defined below), the Company’s website (www.surmedspa.com or the “Site”), or other mobile applications (collectively, the “Services”). The platform services provided by the Company, the Site and mobile applications together are hereinafter collectively referred to as the “SUR MedSpa Platform”. This Privacy Policy describes what information we collect and how we use that information. If you have questions about this Privacy Policy, please contact us in accordance with Section 9, “Contacting Us”, below.

Your use of the SUR MedSpa Platform constitutes your acceptance of and agreement to all of the terms and conditions in this Privacy Policy available at https://surmedspa.com/privacy-policy, our Terms of Service (the “Terms”) available at https://surmedspa.com/terms-of-use, and any community guidelines, policies, or rules now in force or enacted in the future, and any amendments and additions to these Terms as we may publish from time to time, as well as your compliance with all applicable laws. The Terms, and any community guidelines, policies, or rules now in force or upon their future enactment, are incorporated by reference into this Privacy Policy and together form and are hereinafter referred to collectively as this “Agreement”. Any terms not defined herein have the meanings ascribed to them in the Terms of Service. This Agreement governs the use of the SUR MedSpa Platform, and you are giving the Company permission to use and store such information consistent with this Agreement.

SUR MedSpa provides the SUR MedSpa Platform, which may include a mobile application, which allows an individual who is registered with the SUR MedSpa Platform (a “Customer”) to request and schedule a session/appointment with us as a Recipient to receive minimally invasive medical aesthetic services, medical grade aesthetician services, and other skincare and wellness services from SUR MedSpa (“Treatment(s)”). As used herein, the term “User” refers to any user of the SUR MedSpa Platform. As used herein, the term “Account” may refer to the registered account of a Customer. A User who requests a Treatment through the SUR MedSpa Platform may be referred to as the “Recipient” of that Treatment.

2. Information We Collect

As part of the operation of the SUR MedSpa Platform and the provision of our Services to you, we will collect both personally identifying and non-personally identifying information from you (collectively, “Collected Information”).

By accessing our website(s) (including the Site), downloading a SUR MedSpa mobile application, registering an Account with the SUR MedSpa Platform, or using our Services, you agree that we can collect and use the information as described in this Privacy Policy. If you do not agree, you are neither permitted nor authorized to register or maintain an Account with the SUR MedSpa Platform, request or provide Treatments via the SUR MedSpa Platform, access our website(s), download or access our mobile applications, or otherwise use or interact with our Services.

The types of Collected Information are described below:

2.1 Personal Information

As part of the operation of the SUR MedSpa Platform and the provision of Services to you, we will collect, store, and use data that is (or may be combinable with other data in such a way as to be) personally identifiable to you (“Personal Information”), including but not limited to the following:

  • Contact Information – e.g. name, address, phone, email;
  • Demographic Information – e.g. sex, age;
  • Location Information – information about your geographic location or that of the device via which you access the SUR MedSpa Platform;
  • Protected Health Information – individually identifiable health information, which may include demographic data, medical histories, test results;
  • Financial Information – information related to your banking or credit accounts;
  • Tracking Information – information related to the device you use to access the SUR MedSpa Platform, e.g. cookies and related technologies; and
  • Other Information – miscellaneous information, e.g., your uploaded photograph, reviews you’ve submitted.

When you access our Site, register your Account and/or utilize our Services, we collect and store Personal Information. You also may choose to send the Company Personal Information in an email message containing information or inquiries about the SUR MedSpa Platform. Many of the types of information described above are, or can comprise, Personal Information. We take the safety and integrity of your Personal Information very seriously.

Other than General Information, which may include Protected Health Information aggregated and/or anonymous information that is de-identified, we do not sell your information to third parties, and only share Personal Information under limited circumstances, as described in Section 4. These limited circumstances in which Personal Information may be shared with third parties exclude text messaging originator opt-in data and consent – this information will not be shared with any third parties. We employ industry standard security measures as described in Section 6.

2.2 Location Information

When you visit the SUR MedSpa Platform via a mobile application, we may use GPS technology (or other similar technology or your direct submission) to determine your current location in order to facilitate the booking of a session/appointment and provision of Treatment. We will not share your current location with other Users, except to facilitate the request or provision of Treatment.

If you do not want us to use your location for the purposes set forth above, you should turn off the location services for the mobile application located in your mobile phone settings; provided, however, accurate information regarding your location is required to ensure Treatment can be provided as (and at the location) requested, and that failure to be present at the location of a scheduled Treatment may be subject to penalty under our Terms of Service.

2.3 Protected Health Information

Our collection and use of your Personal Information, which we receive pursuant to this Agreement, is not governed by HIPAA. We will collect and use your Personal Information, including non-HIPAA covered Protected Health Information, consistent with the terms of this Agreement.

When you use the Service to upload, transmit, or receive Protected Health Information, you agree that, to the extent applicable, you shall comply with all applicable state and federal laws including, but not limited to, the Privacy Laws. You represent and warrant that you will, at all times, comply with all laws directly or indirectly applicable to you that may now or hereafter govern the gathering, use, transmission, processing, receipt, reporting, disclosure, maintenance, and storage of Protected Health Information. You agree that the Company, and all other persons or entities involved in the operation of the Service, have the right to monitor, retrieve, store, review, and use Protected Health Information, if applicable, in connection with the transmission of any Protected Health Information.

2.4 Financial Information

To facilitate the request and provision of Treatments via the SUR MedSpa Platform and/or payment to the Company for Treatments provided, Users may be asked to input banking and credit card information, such as credit card numbers, bank routing numbers, and/or other information related to payments and financial transactions. For your security, we utilize a third-party payment processor for all transactions. We do not store or maintain on our servers any of your banking or credit card information.

2.5 Tracking Information

“Cookies” are elements of data that a website can send to your browser and store on your computer. The SUR MedSpa Platform and aspects thereof, and communications therewith, may use cookies, tracking pixels and related technologies. Cookies may also be used to track how you use the SUR MedSpa Platform. Our cookies are not designed to collect Personal Information, but in some instances, may be combinable with other information to be personally identifiable. Our system may automatically gather information about the areas you visit on our Site or SUR MedSpa Platform and about the links you may select from within our site to other areas of the Internet or elsewhere online. For example, cookies may be used by the SUR MedSpa Platform to initiate shopping cart reminder messages for transactions that may take place through the SUR MedSpa Platform (i.e., cookies are used to help keep track of items you put into your shopping cart, including when you have abandoned your cart and this information is used to determine when to send cart reminder messages via SMS).

We may use such information in the aggregate to understand how our users as a group use the services and resources provided on our sites. We may link such usage information to Collected Information in order to securely verify your identity, to personalize aspects of your experience on the SUR MedSpa Platform, to better understand which information or services are of greater value to our Users, and to send follow-up communications regarding our products and services to website visitors. As with all other Personal Information, we do not sell Tracking Information to third parties.

You can choose whether to accept cookies by changing the settings of your browser. You can reset your browser to refuse all cookies, or allow your browser to show you when a cookie is being sent. You can also erase cookies already stored on your computer. If you choose not to accept these cookies or if you erase them, your experience on the SUR MedSpa Platform, and other websites, may be diminished and some features may not work as intended.

We may also collect Tracking Information from our mobile applications to determine how Users utilize the applications and how we can improve the experience for Users.

2.6 Other Information

We may also collect other various data as part of the operation of the SUR MedSpa Platform and the provision of our Services. We may also collect various other information, such as reviews, and your usage of promotional features. From time to time, SUR MedSpa may perform research (online and offline) via surveys. We may engage third party service providers to conduct surveys on our behalf. All survey responses are voluntary, and the information collected will be used for research and reporting purposes to help us better serve individuals by learning more about their needs and the quality of the products and services we provide. The survey responses may be utilized to determine the effectiveness of our Services, various types of communications, advertising campaigns and/or promotional activities. If an individual participates in a survey, the information given will be used along with that of other study participants. We may share anonymous individual and aggregate data for research and analysis purposes.

2.7 General Information

The Company may also collect, store, and utilize information related to the usage and operation of the SUR MedSpa Platform and our Services that is aggregated, statistical, regional, anonymized, de-identified, or otherwise not identifiable to a natural person (collectively, “General Information”). The Company may publish or share, without restriction, General Information with third parties or the public. For example, the Company may compile and publish data related to numbers of registered Users, numbers of Treatments provided, Company revenue, average delivery time of Treatments, etc. We may also use General Information in order to help us improve our existing products and Services or develop new products and Services or we may sell or license anonymized or de-identified datasets derived from Collected Information for any lawful purpose, including but not limited to, supporting researchers in generating insights or to address hypotheses across a range of scientific, medical, clinical, or pharmaceutically-relevant questions. General Information is not Personal Information, and is expressly excluded from any restrictions in this Agreement upon Personal Information.

As noted above, we provide and may sell General Information to third parties.

3. How Does the Company Use My Information?

We may use Collected Information to facilitate the use and operation of the SUR MedSpa Platform and our Services, including the request and provision of Treatments, to service your Account, to communicate with you, to obtain your opinions on our Services, to send communications regarding our products and Services, to alert you to new features or information, and to improve the operation of the SUR MedSpa Platform and our provision of Services to you. We may also collect and record information about usage of the Site and SUR MedSpa Platform in order to better serve our Users and enhance our products and Services.

4. Will the Company share my information?

The Company owns all the information collected from and about Users, as detailed in our Terms of Service. We do not rent, sell, or trade Personal Information to any third party. We may disclose or provide access to Personal Information to a third party in one of the following limited circumstances:

  • Where necessary for security purposes, to protect against fraud or unauthorized transactions, to resolve Customer disputes or inquiries, or to respond to requests from persons who are acting in a fiduciary or representative capacity for you, or who hold a legal or beneficial interest in your Account;
  • Where necessary for a third-party contractor, contracted by the Company, to perform services related to the SUR MedSpa Platform;
  • To perform necessary identity and professional verification;
  • As permitted by applicable law, including in response to legal process or requests from government authorities;
  • In the event we go through a business transition, such as a merger, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy, or sale of all or a portion of our assets, we may disclose your Personal Information to the party or parties of such transaction; Accounts and Collected Information may be disclosed to the party or parties involved in such transaction.

 

5. What Happens When I Close My Account?

If you close your Account with us, we will make reasonable efforts to delete your Account and Personal Information collected about you. Please note that our ability to delete data is subject to any data retention requirements imposed by law, regulation, or court order, and to the operational needs of the SUR MedSpa Platform. Upon deletion from our active storage or database environment, information may persist in archival form. We will endeavor, as is practicable, to periodically purge from archival storage information that has been so deleted from our active storage or database environment, but make no guarantees as to the timing or our ability to do so.

We do not knowingly allow Users under the age of 18 to use the SUR MedSpa Platform, and we do not knowingly collect information from any person under the age of 18. Use of the SUR MedSpa Platform or our Services by anyone under the age of 18 is a violation of our Terms of Service and is expressly prohibited. If a person has nonetheless provided false information in order to register an Account, that person’s Account is subject to closure and any data associated therewith is subject to deletion.

6. Security

The Company takes information security very seriously and has established physical and electronic security standards and procedures to protect against unauthorized access to Customer information. We use industry standard means such as physical, electronic and procedural safeguards, including, but not limited to, data encryption and secure socket layer technology. We update and test our technology regularly to maintain and improve the protection of our Customers’ information. We restrict access of personal information to employees and service providers for legitimate business purposes to assist in providing services to you. Employees who violate our Privacy Policy are subject to disciplinary action.

Your Account is password protected. If you have reason to believe that your Account has been compromised or is no longer secure (e.g., because of activity you do not recognize, or because of a breach of your email, banking, credit, or any other financial or personal account), please immediately notify us of the problem by contacting us in accordance with Section 9, “Contacting Us”, below.

7. Uses and Disclosures of Protected Health Information

We may use and disclose your Protected Health Information (“PHI”) for the following purposes:

  • Treatment: We may use and disclose your PHI to provide, coordinate, or manage your healthcare and related services. This may include communication with other healthcare providers about your treatment and coordinating your care with other providers.
  • Healthcare Operations: We may use and disclose your PHI for healthcare operations, including quality assessment, improvement activities, case management, accreditation, licensing, credentialing, and conducting or arranging for medical reviews, audits, or legal services.
  • As Required by Law: We may use and disclose your PHI when required to do so by federal, state, or local law.
  • Public Health and Safety: We may use and disclose your PHI to prevent or control disease, injury, or disability, to report child abuse or neglect, to report reactions to medications or problems with products, and to notify persons who may have been exposed to a communicable disease or may be at risk of spreading a disease or condition.
  • Health Oversight Activities: We may disclose your PHI to health oversight agencies for activities authorized by law, such as audits, investigations, inspections, and licensure.
  • Judicial and Administrative Proceedings: We may disclose your PHI in response to a court or administrative order, subpoena, discovery request, or other lawful process.
  • Law Enforcement: We may disclose your PHI for law enforcement purposes, such as to report certain types of wounds or injuries, or to comply with a court order, warrant, or other legal process.
  • Research: We may use and disclose your PHI for research purposes when the research has been approved by an institutional review board and privacy protections are in place.

You have the following rights with respect to your PHI:

  • Right to Inspect and Copy: You have the right to inspect and copy your PHI that we maintain, with certain exceptions. To request access, submit a written request to our Privacy Officer. We may charge a reasonable fee for the costs of copying, mailing, or other supplies associated with your request.
  • Right to Amend: You have the right to request an amendment to your PHI if you believe it is incorrect or incomplete. To request an amendment, submit a written request to our Privacy Officer, specifying the information you believe is incorrect and why. We may deny your request if we believe the information is accurate and complete, or if we did not create the information.
  • Right to an Accounting of Disclosures: You have the right to request an accounting of disclosures of your PHI made by us in the past six years, except for disclosures made for treatment, payment, or healthcare operations, and certain other disclosures. To request an accounting, submit a written request to our Privacy Officer.
  • Right to Request Restrictions: You have the right to request a restriction on our use or disclosure of your PHI for treatment or healthcare operations. We are not required to agree to your request but will consider it. To request a restriction, submit a written request to our Privacy Officer, specifying the restriction you are requesting and to whom it applies.
  • Right to Request Confidential Communications: You have the right to request that we communicate with you about your PHI in a certain way or at a certain location. To request confidential communications, submit a written request to our Privacy Officer, specifying how or where you wish to be contacted.
  • Right to a Paper Copy of This Policy: You have the right to receive a paper copy of this Policy, even if you have agreed to receive it electronically. To obtain a paper copy of this Policy, contact our Privacy Officer.
  • Right to be Notified of a Breach: You have the right to be notified in the event that we discover a breach of your PHI.

We are committed to protecting the privacy of your PHI and will ensure that any electronic transmission of PHI complies with laws applicable to our business. Please see Section 6, “Security”, above.

If you believe your privacy rights have been violated, you may file a complaint with our Privacy Officer. You will not be retaliated against for filing a complaint.

8. Notification of Changes

This Privacy Policy is periodically reviewed and enhanced by the Company as necessary. This Privacy Policy might change as the Company updates and expands the SUR MedSpa Platform. The Company will endeavor to notify you of any material changes by email, but will not be liable for any failure to do so. The Company also encourages you to review this Privacy Policy periodically. If you do not understand any of the terms or conditions of any of the Company’s policies, you may inquire regarding the same.

9a. Contacting Us

If you have any questions or concerns related to this Agreement, how to remove or modify your user information, related consents, your Account, a Treatment, another User, or anything else regarding the SUR MedSpa Platform or Services, please email us at cs@surmedspa.com or write to us at:

SUR MedSpa

310 Gold Creek Trail, Suite 300

Woodstock, Georgia 30188

If you have any questions about this Privacy Policy or our privacy practices, please contact our Privacy Officer at:

SUR MedSpa

Privacy Officer: Sweta Patel

Email: admin@surmedspa.com

9b. SMS Messaging 

SUR MedSpa respects your privacy. By opting into our SMS messaging service, you agree to the following terms regarding how we handle your data:

Data Collection

We will collect your name, email address, mailing address, and mobile phone number when you sign up for SMS updates. The information will be collected via the website contact form, email, rental agreement, or third-party reservation systems.

Data Usage

We use your data solely for sending updates, promotions, and reminders related to our products or services.

Data Security

We protect your data with secure storage measures to prevent unauthorized access.

Data Retention

We retain your information as long as you are subscribed to our SMS service. You may request deletion at any time.

Message and Data Rates

MESSAGE AND DATA RATES MAY APPLY: Your mobile carrier may charge fees for sending or receiving text messages, especially if you do not have an unlimited texting or data plan. Messages are recurring, and message frequency varies.

Contact Information

Contact SUR MedSpa at 678-578-6947 or cs@surmedspa.com for HELP or STOP or CANCEL to STOP receiving messages.

Opt-In Policy

You can opt in to SMS messaging at any time by texting or emailing START to cs@surmedspa.com or 678-578-6947. After subscribing, you will receive a final SMS to confirm you have subscribed.

Opt-Out Policy

You can opt out of the SMS list at any time by texting, emailing, or replying STOP or CANCEL to cs@surmedspa.com or 678-578-6947. After unsubscribing, you will receive a final SMS to confirm you have unsubscribed, and we will remove your number from our list within 24 hours.

You can send HELP for additional assistance, and you will receive a text including our phone number, email, and website. We are here to help you.

Non-Sharing Clause

We do not share your data with third parties for marketing purposes. SUR MedSpa will not sell, rent, or share the collected mobile numbers.

All sharing mentioned in this policy excludes mobile opt-in and consent; opt-in information is never shared with anyone for any purpose.

MEDICAL ADVICE OR SERVICES

IF YOU ARE EXPERIENCING A MEDICAL EMERGENCY, YOU SHOULD DIAL “911” IMMEDIATELY. The content of this website is for informational purposes only and does not constitute professional medical advice, diagnosis, treatment, or recommendations of any kind. Further, the website is not intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease. You should always seek the advice of our board-certified medical practitioner or other qualified health care provider with any questions or concerns that you may have regarding your individual needs and any medical conditions. Visiting the website or registering an account does not create a physician-patient relationship. Reliance on the website without further consultation with a medical practitioner is solely at your own risk.
