Privacy Policy

Effective Date: 8/01/2025

The Burn and Scar Research and Treatment Center of Los Angeles Inc. ("we," "us," or "our") is committed to safeguarding the privacy of the individuals we serve, including patients, donors, volunteers, partners, and visitors to our website. This Privacy Policy outlines our practices regarding the collection, use, and disclosure of your personal information and explains your rights and choices related to that information.

1. Information We Collect

We collect various types of information depending on how you interact with us:

1.1 Personal Information
This includes information that can identify you, such as:

  • Full name

  • Email address

  • Mailing address

  • Phone number

  • Date of birth

  • Gender (if voluntarily disclosed)

  • Emergency contact information

  • Photographs and videos submitted for documentation, treatment, or testimonial purposes

  • Health-related information submitted through consultation forms or treatment applications (e.g., medical history, skin conditions, treatment goals, medications, allergies)

  • Information you provide during email, phone, or in-person communication

1.2 Financial Information
If you make a donation or payment through our site, we may collect:

  • Billing name and address

  • Donation amount and frequency

  • Payment method (processed via secure third-party platforms)

  • Tax ID or other information required for IRS reporting (in certain cases)

1.3 Website and Usage Information
We collect technical information when you use our website, including:

  • IP address

  • Device type

  • Browser type and version

  • Pages visited and session duration

  • Geographic location (generalized)

  • Referral URL

  • Cookie and tracking technology data (see Section 7)

2. How We Use Your Information

We use your information to:

  • Evaluate eligibility for acne scar or burn treatment programs

  • Provide medical consultation, diagnostic evaluation, and follow-up care

  • Coordinate with licensed medical professionals and clinics

  • Process donations and send tax-deductible receipts

  • Manage fundraising campaigns and donor engagement

  • Communicate via email, phone, or text for operational, marketing, or educational purposes

  • Share testimonials and transformation stories (with explicit consent)

  • Analyze website performance, track engagement, and improve user experience

  • Meet legal, regulatory, and ethical obligations

3. Legal Basis for Processing

We process your personal data under the following lawful bases:

  • With your explicit consent (e.g., submitting an application or testimonial)

  • To fulfill a contractual obligation (e.g., when providing services or processing a donation)

  • To comply with legal obligations (e.g., tax reporting, HIPAA regulations)

  • Based on our legitimate interests, including improving services and communicating with stakeholders

4. Sharing and Disclosure of Information

We do not sell or rent your personal information. We may share your data with:

  • Licensed healthcare providers affiliated with our organization for care coordination

  • Authorized third-party vendors providing services such as:

    • Payment processing (e.g., Stripe, PayPal)

    • Customer relationship management (CRM)

    • Email distribution (e.g., Mailchimp, Constant Contact)

    • Web analytics (e.g., Google Analytics)

  • Donor acknowledgment services (e.g., matching gift processors)

  • Legal and regulatory authorities, as required to comply with applicable laws or to protect our rights, patients, and donors

All partners and vendors are contractually required to maintain confidentiality and data protection standards in line with applicable laws.

5. HIPAA and Health Data Compliance

If you submit health-related information to us, we treat it as Protected Health Information (PHI) and apply the protections required by the Health Insurance Portability and Accountability Act (HIPAA):

  • PHI is securely encrypted and stored in a HIPAA-compliant system

  • Access is limited to authorized healthcare professionals and staff with a legitimate need

  • We do not disclose your PHI without your written consent unless required by law

6. Data Retention

We retain personal and health-related information only for as long as necessary:

  • To fulfill the purpose for which it was collected

  • To comply with medical, tax, and legal obligations

  • To maintain patient treatment records as required by law

  • Donor and financial records are typically retained for 7 years per IRS regulations

7. Cookies and Website Tracking

Our website uses cookies and similar tracking tools to:

  • Enhance your experience and personalize content

  • Analyze traffic and improve performance

  • Enable features like form autofill and secure login

You can control cookie preferences in your browser settings. Disabling cookies may impact functionality.

We may also use tools like Google Analytics to collect and process data about site usage. Google’s ability to use and share information is governed by its own privacy policy.

8. Your Rights

Depending on your location, you may have the right to:

  • Access and obtain a copy of your personal data

  • Correct or update inaccurate information

  • Request deletion of your data (subject to legal exceptions)

  • Withdraw consent for processing (where applicable)

  • Opt out of marketing emails at any time via an unsubscribe link

To exercise any of these rights, please email us at: [Insert Contact Email]

9. Third-Party Websites

Our website may include links to third-party websites for convenience, fundraising, or education. We are not responsible for the content or privacy practices of these websites.

10. Children’s Privacy

We do not knowingly collect personal information from children under the age of 13. If we become aware that we have inadvertently received such data, we will delete it promptly.

11. Data Security

We implement strong physical, technical, and organizational measures to protect your personal data from unauthorized access, disclosure, or misuse. These include:

  • SSL encryption

  • Secure servers and restricted access controls

  • Regular security reviews and updates

However, no system is 100% secure. You acknowledge and accept the risk of providing information online.

12. Updates to This Policy

We may modify this Privacy Policy periodically. Any updates will be posted to this page with a revised “Effective Date.” Your continued use of our website or services after changes constitutes your acceptance.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal information, contact:

The Burn and Scar Research and Treatment Center of Los Angeles Inc.