Privacy Policy
Untouched Allure Medical Aesthetics PLLC

Last Updated: March 30, 2025

At Untouched Allure Medical Aesthetics PLLC ("we," "us," or "our"), we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, share, and protect your personal data when you visit our medspa, use our services, or interact with us online at https://www.untouchedallure.com. It also outlines your rights under New Hampshire law and how you can exercise them.

Please read this policy carefully. By using our services, you agree to the practices described herein.

1. Who We Are
We are Untouched Allure Medical Aesthetics PLLC, a medical aesthetics practice located at 24 Chestnut Street, Suite 4, Dover, NH 03820. We provide professional aesthetic treatments and related services to our clients in Dover, New Hampshire, and surrounding areas.

For questions about this Privacy Policy or our data practices, you can contact us at:

Email: untouchedallurenh@gmail.com
Phone: 603.241.6371
Mail: Untouched Allure Medical Aesthetics PLLC, 24 Chestnut Street, Suite 4, Dover, NH 03820
2. Information We Collect
We collect personal data that is adequate, relevant, and necessary to provide our services, communicate with you, and comply with legal obligations. The types of data we collect include:

a. Information You Provide Directly
Contact Information: Name, email address, phone number, mailing address.
Health Information: Medical history, treatment preferences, and other health-related details necessary for providing safe and effective aesthetic treatments (protected under HIPAA).
Payment Information: Credit card details, billing address, or other payment-related data (processed securely and not stored beyond what is necessary).
Appointment Details: Dates, times, and notes related to your bookings.
b. Information Collected Automatically
Website Usage Data: IP address, browser type, device information, and pages visited (collected via cookies or similar technologies—see Section 8 below).
c. Sensitive Data
We may process sensitive personal data, such as:

Health conditions or diagnoses relevant to your treatments.
Data collected from minors (with parental consent, where applicable).
We only process sensitive data with your explicit consent or as required by law.
3. How We Use Your Information
We use your personal data for the following purposes:

To Provide Services: Schedule appointments, administer treatments, and personalize your care.
To Communicate: Send appointment reminders, respond to inquiries, and provide updates about our services (e.g., promotions or new offerings, with your consent where required).
To Process Payments: Complete transactions securely.
To Improve Our Services: Analyze trends and feedback to enhance our offerings.
To Comply with Legal Obligations: Meet requirements under HIPAA, NH state laws, and other regulations.
We limit our use of your data to these purposes and will notify you if we intend to use it for additional reasons, seeking your consent where necessary.

4. How We Share Your Information
We do not sell your personal data. We may share your information only in the following circumstances:

With Service Providers: Third parties (e.g., payment processors, appointment scheduling software providers) who assist us in operating our business, bound by confidentiality agreements and HIPAA-compliant contracts where applicable.
With Healthcare Professionals: For treatment purposes (e.g., referrals), with your consent or as permitted by law.
For Legal Reasons: If required by law, court order, or to protect our rights, property, or safety, or that of others.
With Your Consent: For any other purpose you explicitly approve.
5. Your Rights Under New Hampshire Law
As a New Hampshire resident, you have the following rights under the New Hampshire Privacy Act (NHPA), effective January 1, 2025:

Right to Confirm: Confirm whether we are processing your personal data.
Right to Access: Request access to the personal data we hold about you.
Right to Correct: Request corrections to inaccurate or incomplete data.
Right to Delete: Request deletion of your personal data, subject to legal exceptions (e.g., HIPAA retention requirements).
Right to Obtain a Copy: Receive a portable copy of your personal data in a usable format.
Right to Opt-Out: Opt out of the processing of your data for targeted advertising, sales to third parties, or certain automated profiling (note: we do not currently engage in these activities).
Right to Appeal: Appeal our decision if we deny your request.
How to Exercise Your Rights
To submit a request, contact us at:

Email: untouchedallurenh@gmail.com
Phone: 603.241.6371
We will respond within 45 days (extendable by 45 days if necessary, with notice to you). If we deny your request, we will explain why and provide instructions for appealing within a reasonable timeframe. You may also designate an authorized agent to submit requests on your behalf, provided we can verify their authority.

6. Data Security
We implement reasonable administrative, technical, and physical safeguards to protect your personal data, including:

Encryption of sensitive data in transit and at rest.
Secure storage of health records in compliance with HIPAA.
Restricted access to your data, limited to authorized personnel only.
While we strive to protect your information, no system is 100% secure. We will notify you promptly if a breach occurs that compromises your data, as required by law.

7. Data Retention
We retain your personal data only as long as necessary to fulfill the purposes outlined in this policy or as required by law (e.g., HIPAA mandates certain health records be kept for at least 6 years). Once no longer needed, we securely delete or anonymize your data.

8. Cookies and Tracking Technologies
Our website may use cookies to enhance your experience (e.g., remembering preferences). You can manage cookie settings through your browser. We do not use cookies for targeted advertising or sell data collected via cookies.

9. HIPAA Compliance
As a healthcare provider, we comply with HIPAA regulations regarding your protected health information (PHI). For more details, see our separate Notice of Privacy Practices, available at our office or upon request.

10. Changes to This Policy
We may update this Privacy Policy as laws or our practices change. We will notify you of significant updates by posting the revised policy on our website with an updated "Last Updated" date and, if required, by email or other means. Please review this policy periodically.

11. Enforcement and Complaints
The New Hampshire Attorney General enforces the NHPA. If you believe we have violated your privacy rights, you may file a complaint with:

NH Attorney General’s Office
33 Capitol Street, Concord, NH 03301
Phone: (603) 271-3658
Website: www.doj.nh.gov
For HIPAA-related concerns, you may also contact the U.S. Department of Health and Human Services Office for Civil Rights.

Contact Us
If you have questions, concerns, or requests about your privacy or this policy, please reach out:

Email: untouchedallurenh@gmail.com
Phone: 603.241.6371
Mail: Untouched Allure Medical Aesthetics PLLC, 24 Chestnut Street, Suite 4, Dover, NH 03820
We’re here to help you feel confident about your privacy with Untouched Allure Medical Aesthetics PLLC.