PRIVACY POLICY
Effective Date: April 23, 2026 | Last Updated: April 23, 2026
Hudson Facial Plastic Surgery (“Practice,” “we,” “us,” or “our”), located at 1640 N Wells St. Unit 207, Chicago, IL 60614, is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you visit our website at https://hudsonfacialplastics.com (the “Site”) or contact us for medical or aesthetic services.
Please read this Privacy Policy carefully. By accessing or using our Site or services, you agree to the terms described herein. If you do not agree, please do not use our Site.
1. INFORMATION WE COLLECT
1.1 Personal Information You Provide
We may collect personally identifiable information (“Personal Information”) that you voluntarily provide when you:
- Complete a consultation request or contact form
- Schedule an appointment by phone, online form, or email
- Submit before-and-after photo consent forms
- Communicate with us by phone, email, fax, or text
- Apply for financing through our third-party financing partners
- Interact with us on social media platforms
This may include your name, date of birth, mailing address, phone number, email address, medical history, surgical history, medications, insurance information, and payment information.
1.2 Protected Health Information (PHI)
As a covered medical practice under HIPAA, we collect, use, and disclose Protected Health Information (PHI) as required for treatment, payment, and healthcare operations. Our separate HIPAA Notice of Privacy Practices governs the use of PHI and describes your rights with respect to your health information. Please review that document carefully.
1.3 Biometric Information (Illinois BIPA)
We may collect biometric identifiers and biometric information as defined under the Illinois Biometric Information Privacy Act (BIPA), 740 ILCS 14/1 et seq. This may include facial geometry derived from clinical photographs taken for treatment planning and documentation. We will:
- Obtain written informed consent before collecting any biometric identifiers or biometric information
- Clearly inform you of the specific purpose and length of time for which your biometric data will be collected, stored, and used prior to collection
- Never sell, lease, trade, or profit from biometric identifiers or information
- Never disclose biometric data to any third party without your consent, except as required by law
- Retain biometric data only until the purpose for collection has been satisfied or three (3) years after your last interaction with our Practice, whichever occurs first, then permanently destroy such data
- Protect biometric data using the same reasonable standard of care applicable to other sensitive and confidential patient information
1.4 Automatically Collected Information
When you visit our Site, we may automatically collect certain technical information through cookies, web beacons, pixels, and similar tracking technologies. Please see our separate Cookie Policy for full details.
2. HOW WE USE YOUR INFORMATION
We use the information we collect for the following lawful purposes:
- To schedule and provide medical consultations, surgical services, and med spa treatments
- To communicate with you regarding appointments, care instructions, and follow-up
- To process payments and coordinate financing arrangements
- To comply with HIPAA and applicable Illinois laws, including BIPA and PIPA
- To respond to your inquiries and service requests
- To send appointment reminders and administrative communications
- To improve our website, services, and patient experience through analytics
- To serve targeted advertising on platforms such as Google and Meta/Facebook, subject to your cookie preferences and opt-out choices
- To detect, investigate, and prevent fraudulent or unauthorized activity
- To comply with legal obligations, subpoenas, and law enforcement requests
3. HOW WE SHARE YOUR INFORMATION
We do not sell your personal information. We may share your information in the following circumstances:
3.1 Service Providers and Business Associates
We share information with trusted third-party vendors and HIPAA Business Associates who assist us in operating our practice, including electronic health record (EHR) systems, scheduling and patient communication platforms, payment processors, IT security vendors, and marketing platforms. All Business Associates are required to execute Business Associate Agreements (BAAs) as required by HIPAA.
3.2 Legal Requirements
We may disclose information when required by applicable federal or Illinois law, court order, subpoena, or governmental authority, including breach notifications required under the Illinois Personal Information Protection Act (PIPA) and the HIPAA Breach Notification Rule.
3.3 With Your Consent
We may share your information for purposes not described herein when we have obtained your explicit written consent.
3.4 Business Transfers
In the event of a merger, acquisition, or sale of all or part of our assets, your information may be transferred as part of that transaction, subject to applicable law and HIPAA requirements.
4. ILLINOIS PERSONAL INFORMATION PROTECTION ACT (PIPA)
We comply with the Illinois Personal Information Protection Act (PIPA), 815 ILCS 530. In the event of a security breach that compromises unencrypted personal information of Illinois residents, we will notify affected individuals and, where required, the Illinois Attorney General within the timeframes mandated by law. Any contracts we enter for the disclosure of personal information concerning Illinois residents require the recipient to implement and maintain reasonable security measures to protect such records from unauthorized access, acquisition, destruction, use, modification, or disclosure. HIPAA-covered entities that are HIPAA-compliant are deemed compliant with PIPA’s security requirements to the extent covered by HIPAA.
5. GENETIC INFORMATION (GIPA)
To the extent we handle genetic information, we comply with the Illinois Genetic Information Privacy Act (GIPA), 410 ILCS 513, which governs the collection, use, and disclosure of genetic testing information and genetic information of individuals and their family members.
6. CHILDREN’S PRIVACY
Our Site and services are not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected information from a child under 13, please contact us immediately so we can delete it.
7. THIRD-PARTY LINKS
Our Site may contain links to third-party websites, including financing partners and social media platforms. We have no control over and assume no responsibility for the privacy practices, content, or accuracy of those third-party sites. We strongly encourage you to review the privacy policies of any third-party sites you visit.
8. DATA SECURITY
We implement administrative, physical, and technical safeguards designed to protect your personal information against unauthorized access, disclosure, alteration, and destruction. These measures include encrypted data transmission (SSL/TLS), secure electronic storage, role-based access controls, multi-factor authentication where appropriate, and regular employee privacy and security training. Detailed information about our security practices is set forth in our Written Information Security Policy (WISP).
Despite our reasonable security measures, no method of transmission over the Internet or electronic storage is entirely secure. We cannot guarantee absolute security of your information.
9. DATA RETENTION
We retain personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy and to comply with applicable law. Medical records are retained in accordance with Illinois law, generally for ten (10) years from the last date of service or three (3) years after a minor patient reaches the age of majority, whichever is later. Biometric identifiers and information are destroyed within three (3) years of your last interaction with our Practice or when the purpose for collection has been satisfied, whichever occurs first.
10. YOUR RIGHTS AND CHOICES
Depending on applicable law, you may have the following rights regarding your personal information:
- Access: Request access to the personal information we hold about you
- Correction: Request that we correct inaccurate or incomplete personal information
- Deletion: Request deletion of your personal information, subject to legal, professional, and HIPAA record-keeping obligations
- Opt-Out of Marketing Communications: Unsubscribe from marketing emails at any time using the unsubscribe link in our emails or by contacting us directly
- Cookie Controls: Manage or disable cookies through your browser settings (see our Cookie Policy)
- HIPAA Rights: Exercise your rights under HIPAA as described in our Notice of Privacy Practices
- BIPA Rights: Request information about our collection, storage, use, and destruction schedule for your biometric data
To exercise any of these rights, please contact our Privacy Officer using the information below.
11. CHANGES TO THIS PRIVACY POLICY
We reserve the right to update or modify this Privacy Policy at any time. Changes will be effective immediately upon posting on our Site with an updated effective date. We encourage you to review this Privacy Policy periodically. Your continued use of our Site following the posting of any changes constitutes your acknowledgment and acceptance of those changes.
12. CONTACT US
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact:
Hudson Facial Plastic Surgery — Privacy Officer
1640 N Wells St. Unit 207
Chicago, IL 60614
Phone: 312-929-2661
Fax: 312-500-5024
Email: info@hudsonfacialplastics.com
Website: https://hudsonfacialplastics.com

