DATA PRIVACY STATEMENT FOR THE GARDEN MEDICAL SPA
Effective Date: 7/1/2025
INTRODUCTION AND KEY HIGHLIGHTS
At the Garden Medical Spa, we prioritize the protection of your personal and health
information.
This Data Privacy Statement outlines our commitment to safeguarding your privacy while
providing exceptional medical spa services. Key highlights include:
• We collect only necessary personal and health information to provide quality care
• Your information is protected through comprehensive security measures
• You have specific rights regarding your information, including access and correction
• We comply with all applicable federal and state laws, including HIPAA and the New
Jersey Consumer Privacy Act
• Regular reviews of our privacy practices ensure ongoing compliance with evolving
regulations
INFORMATION WE COLLECT
In the course of providing our medical spa services, we may collect the following types of
personal and health information from our clients:
• Full name, address, phone number, email address, date of birth, and other demographic
information
• Medical history, including existing conditions, allergies, medications, and any treatments
or procedures received
• Treatment preferences, concerns, and goals related to your care
• Details of the treatments and services provided, including medical notes, photographs,
and other related information
• Payment information, such as credit card numbers, bank account details, or insurance
plan information
• Emergency contact information and, where applicable, information about your
authorized representatives
HOW WE USE AND DISCLOSE INFORMATION
Use of Information
We use the information we collect for the following purposes:
1. To provide and improve the medical spa services and treatments you request
2. To communicate with you about your appointments, treatments, and any follow-up care
3. To process payments and maintain billing and accounting records
4. To comply with legal and regulatory requirements, such as patient record-keeping
5. To conduct internal operations, including quality assurance and customer service
6. To identify and address potential safety concerns related to treatments
7. To respond to your inquiries and requests for information
Disclosure of Information
We may disclose your information to third parties in the following limited circumstances:
1. To healthcare providers, such as your primary care physician, to coordinate your care
2. To billing and payment processors to facilitate transactions
3. To our service providers who assist us in operating the medical spa, subject to
appropriate confidentiality agreements
4. To comply with a legal obligation, such as a court order or subpoena
5. In the event of a sale, merger, or reorganization of our business, with appropriate
safeguards for your privacy
6. To prevent harm or injury, such as to protect against a serious threat to public health or
safety
7. For any other purpose disclosed to you at the time we collect your information, with your
consent
8. To internal team members for service and operational purposes
We will not sell, rent, or otherwise disclose your personal information for direct marketing
purposes without your explicit consent.
CLIENT RIGHTS
You have the following rights regarding your personal and health information:
1. Right of Access: You can request a copy of the information we have about you. We will
provide this information in a format that is easily accessible and understandable.
2. Right to Correction: You can request that we correct any inaccurate or incomplete
information we maintain about you.
3. Right to Deletion: You can request that we delete your information, subject to certain
exceptions, such as when we need to retain the information to comply with legal
obligations or to protect our legal interests.
4. Right to Restriction: You can request that we limit the way we use your information,
particularly if you contest the accuracy of the information or if the processing is
unlawful.
5. Right to Objection: You can object to certain uses of your information, such as for
marketing purposes or for purposes based on our legitimate interests.
6. Right to Data Portability: You can request that we transfer your information to another
service provider, where technically feasible.
7. Right to Withdraw Consent: If we process your information based on your consent, you
have the right to withdraw that consent at any time.
To exercise these rights, please contact our Privacy Officer at [contact information]. We
will respond to your request within 30 days, as required by applicable law. We may extend
this period by an additional 60 days when necessary, taking into account the complexity
and number of requests.
DATA SECURITY AND BREACH NOTIFICATION
Security Measures
We implement and maintain reasonable administrative, physical, and technical safeguards
to protect your information from unauthorized access, use, or disclosure, including:
1. Secure storage and disposal of paper records, including locked filing cabinets and
shredding procedures
2. Encryption of electronic data and access controls on our systems, including password
protection and multi-factor authentication
3. Ongoing employee training on privacy and security best practices and their
responsibilities in protecting client information
4. Regular security assessments and updates to our systems and procedures
5. Physical security measures at our facilities, such as restricted access areas and
surveillance systems
6. Vendor management processes to ensure third-party service providers maintain
appropriate security measures
Breach Notification
In the event of a data breach that may compromise your information, we will:
1. Conduct a thorough investigation to determine the scope and impact of the breach
2. Notify you without unreasonable delay, but no later than 60 days after discovery, as
required by HIPAA
3. Provide you with information about the breach, including what happened, what
information was involved, what we are doing to investigate and mitigate harm, and what
you can do to protect yourself
4. Notify relevant authorities, including the Department of Health and Human Services and
the New Jersey Division of Consumer Affairs, as required by law
5. Take appropriate steps to mitigate any potential harm resulting from the breach
COMPLIANCE WITH LAWS AND REGULATIONS
The Garden Medical Spa is committed to complying with all federal and state laws and
regulations governing the privacy and security of personal and health information,
including but not limited to:
1. The Health Insurance Portability and Accountability Act (HIPAA) and its implementing
regulations
2. The New Jersey Consumer Privacy Act
3. The Health Information Technology for Economic and Clinical Health (HITECH) Act
4. Applicable provisions of the Federal Trade Commission Act regarding unfair or
deceptive practices
5. State data breach notification laws
We have implemented comprehensive policies and procedures to ensure we meet the
requirements of these laws, including:
1. Regular staff training on privacy and security requirements
2. Designation of a Privacy Officer responsible for overseeing compliance
3. Implementation of administrative, physical, and technical safeguards
4. Regular risk assessments and compliance audits
5. Procedures for responding to privacy incidents and breaches
6. Documentation of privacy practices and procedures
We regularly review and update our practices to maintain compliance with evolving legal
requirements and industry best practices.
CHANGES TO THIS STATEMENT
We may update this Data Privacy Statement from time to time to reflect changes in our
practices, legal requirements, or other factors. We will post the updated statement on our
website and at our facility, with the effective date clearly indicated. For material changes
that significantly affect your rights or how we use your information, we will provide notice
through:
1. Prominent posting on our website at least 30 days before implementation
2. Direct communication, such as email or written notice, to affected clients
3. Obtaining your consent, where required by law
We encourage you to periodically review this statement to stay informed about our privacy
practices.
CONTACT INFORMATION
If you have any questions, concerns, or requests regarding this Data Privacy Statement or
our privacy practices, please contact our Privacy Officer:
Dr. Jay Mirmanesh
CEO, MD
The Garden Medical Spa
100 RT 73 N, Voorhees Township NJ, 08043
(856) 282-1338
info@thegardenmedspa.com