Privacy Policy — De Carolis Concierge Medicine

Privacy Policy

Effective Date: March 8, 2026

De Carolis DO, LLC (“we,” “us,” or “Company”) pledges to protect your privacy and is committed to safeguarding the privacy of health information provided by you or received by us.

This Privacy Notice applies to information we collect when you contact us via telephone or visit our main website (www.drdecarolisdo.com) and other websites or mobile applications that we own or control and that link or refer to this Privacy Notice (collectively, the “Company Technology”).

This Privacy Notice describes how medical and other information about you is collected when you visit or use the Company Technology; how such information may be used and disclosed; and how you may access it. Please review this Privacy Notice, as well as our Terms of Use (incorporated by reference), carefully before using any part of the Company Technology. By using the Company Technology, you consent to the terms in this Privacy Notice and the Terms of Use. If you do not agree, you may not use the Company Technology.

1. Collection of Information

A. Information you provide directly to us

Contact information, username/password, payment information, and any other information you voluntarily submit (e.g., via contact forms).

B. Information we collect automatically

IP address, device identifiers, browser type, operating system, pages visited, date/time of visit, links clicked, and standard server logs. We may collect location data. We use cookies, pixel tags, Local Shared Objects, and similar technologies. By using the Company Technology, you consent to these. You may adjust browser settings, but some functionality may be affected.

C. Information from third-party services and health care providers

We may receive information from third-party services or advertisements. For patients who book or receive medical services, additional health records are obtained as described in the Patient Intake Packet you sign.

2. Use of Information

We use information to provide and improve the Company Technology, contact you, fulfill requests, analyze usage, conduct research (subject to authorization), prevent illegal activities, and for other disclosed purposes or with your consent. Automated decision-making technology (ADMT) or profiling, where used, complies with applicable state laws.

3. Protected Health Information, HIPAA, and Communications

Some information may constitute “protected health information” (PHI) under HIPAA. For patients receiving medical treatment, all uses and disclosures of PHI, your HIPAA rights, and our obligations are fully described in the HIPAA Notice of Privacy Practices and Patient General Informed Consent for Treatment that you receive and sign as part of the Patient Intake Packet (effective February 18, 2026).

We act as a business associate where applicable and follow HIPAA requirements. The Intake Packet also includes your specific authorizations for communications (e.g., text, email, phone) and consent to marketing and sale of PHI in accordance with law. If you have questions about PHI or wish to opt out of certain communications, please refer to the forms you signed or contact us at care@drdecarolisdo.com.

Non-PHI information collected via the Company Technology may be used or disclosed as described in this Notice.

4. Sharing of Information

We share information with authorized vendors/service providers (billing, hosting, analytics, marketing), corporate affiliates, and as required for legal purposes, business transfers, or with your consent. We do not sell personal information for direct marketing except as you expressly authorize in the Patient Intake Packet.

We honor Global Privacy Control (GPC) signals and provide opt-out rights for sale/sharing/ADMT where required by state law (e.g., Florida Digital Bill of Rights, CCPA). Public activities on linked third-party sites are at your own risk.

5. Security

We use reasonable administrative, technical, and physical measures to protect information, including PHI per HIPAA. No system is 100% secure. We notify of breaches as required by law.

6. Your Choices and Rights

You may refuse cookies or use opt-out tools for interest-based advertising (DAA/NAI, device settings). We do not respond to Do-Not-Track signals but honor required GPC signals.

For non-PHI personal information, you have rights under applicable state laws (access, correction, deletion, opt-out of sale/sharing/profiling).

For PHI and full patient rights, please refer to the HIPAA Notice of Privacy Practices and Patient Bill of Rights in your signed Patient Intake Packet. You may exercise rights or file complaints as described there or by contacting us.

7. Third-Party Links and Content

We are not responsible for third-party privacy practices.

8. Limiting Data Collection

See Section 6. We conduct required privacy risk assessments for high-risk processing.

9. International Users

Data is maintained in the United States. By using the Company Technology, you consent to transfers to the U.S.

10. Children

We do not knowingly allow individuals under 18 to create accounts or use the Company Technology except where permitted by law.

11. Changes to the Privacy Notice

We may update this Notice and will revise the Effective Date. Review it periodically. The Patient Intake Packet forms may also be updated; you will receive the current versions upon intake.

12. Copyright and Trademarks

De Carolis DO, LLC owns all intellectual property in the Company Technology.

13. Legal Disclosure

The Company Technology is not a substitute for professional medical advice. Consult a physician for any health concerns. For questions, contact: care@drdecarolisdo.com.