
Privacy Policy
Giffi Medical Associates, LLC
PRIVACY POLICY (ONLINE SERVICES)
Effective Date: December 1st, 2023
Last Updated: December 21st, 2025
Giffi Medical Associates, LLC (“Giffi Medical Associates,” “we,” “us,” or “our”) respects your privacy. This Privacy Policy describes how we collect, use, and share information when you visit https://www.ultimatewell.com (the “Site”) and when you interact with our online services, communications, and tools that link to this Privacy Policy (collectively, the “Services”).
IMPORTANT: This Privacy Policy applies to website/online information. If you are a patient, our handling of Protected Health Information (“PHI”) is primarily governed by our HIPAA Notice of Privacy Practices (NPP), available here: HIPAA NPP. If there is a conflict between this Privacy Policy and the NPP regarding PHI, the NPP controls.
NOT FOR EMERGENCIES: Do not use the Site for medical emergencies. Call 911.
PLEASE DO NOT SEND MEDICAL INFO BY REGULAR EMAIL: If you contact us by email, do not include sensitive medical details. If you need to share medical information, please use our patient portal/telemedicine tools (if available) or call us.
1) WHO WE ARE / CONTACT US
Privacy questions or requests:
Privacy Officer: Jason Giffi
Mailing Address: 5732 Buckeystown Pike, Unit 4, Frederick, MD 21704
Phone: 240-931-0139
Email: contactus@ultimatewell.com
2) NOTICE AT COLLECTION (CATEGORIES WE COLLECT + WHY)
We collect (or may collect) the following categories of information for the purposes listed:
A. Identifiers & Contact Information
Examples: name, email address, phone number, mailing address.
Purpose: respond to requests, schedule appointments, provide services, send administrative messages, marketing (where permitted/opted-in), and customer support.
B. Appointment / Intake / Service Information
Examples: appointment requests, scheduling details, requested services, messages you send, and information you submit through forms or chat.
Purpose: scheduling, patient/customer support, service delivery, and operations.
C. Payment & Transaction Information (if you purchase something)
Examples: transaction history, billing/shipping details. Payment card data is typically handled by our payment processor.
Purpose: process payments, prevent fraud, fulfill orders, accounting and tax compliance.
D. Internet / Device / Usage Data
Examples: IP address, device identifiers, browser type, pages viewed, clicks, referring pages, approximate location (from IP), timestamps.
Purpose: security, troubleshooting, analytics, improving the Site/Services, and advertising/remarketing (where enabled).
E. Communications
Examples: emails, texts, phone call metadata, chat messages, voicemails, and other communications.
Purpose: respond to you, scheduling, support, quality assurance, and recordkeeping.
F. Sensitive Data / Health-Related Information
Examples: information about your health, symptoms, medications, treatments, biometric/health measurements you provide, or other data that may be considered sensitive.
Purpose: when collected for healthcare services, it may be handled as PHI under HIPAA (see NPP). When collected outside HIPAA contexts, we limit collection/processing consistent with applicable law and the purpose disclosed to you.
3) HOW WE COLLECT INFORMATION
We collect information:
• From you directly (when you fill out forms, request appointments, use chat, or contact us)
• Automatically (cookies and similar technologies on the Site, subject to your choices—see Section 7)
• From service providers you use to interact with us (scheduling/telemedicine/phone systems, etc.)
4) HOW WE USE INFORMATION
We use information to:
• Provide, operate, and improve the Site and Services
• Schedule appointments and provide support
• Communicate with you (including confirmations, reminders, and responses)
• Provide telemedicine and related services where applicable
• Process payments and prevent fraud (if applicable)
• Perform analytics and measure Site performance
• Maintain security, detect/prevent misuse, and debug
• Comply with legal obligations and enforce our policies
• Send marketing communications where permitted by law (you can opt out—see Section 8)
5) HOW WE SHARE INFORMATION
We share information only as described below:
A. Service providers (vendors)
We use vendors to help operate the Site and provide services. These vendors may process information on our behalf under contracts that restrict how they use it.
Examples of vendors we use:
• OptiMantra: EHR and practice management tools, including scheduling/booking and related administrative functions.
• MyBodySite: telemedicine, secure messaging/chat, and scheduling tools (where enabled).
• GoTo: phone system/communications tools (e.g., call routing, voicemail, call records; and if enabled, call recordings).
Other vendors we may use from time to time (depending on what is enabled on the Site): website hosting providers, IT/security providers, email/SMS tools, payment processors, shipping providers, and analytics/advertising providers.
B. Legal, safety, and compliance
We may disclose information to comply with law, respond to lawful requests, protect rights/safety, investigate fraud or security incidents, and enforce our policies.
C. Business transfers
If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or part of our business, information may be transferred as part of that transaction.
D. PHI (Protected Health Information)
If information is PHI, we use and disclose it as described in our HIPAA Notice of Privacy Practices and applicable law. When vendors handle PHI for us, they may be treated as “business associates” under HIPAA and must protect PHI as required by contract and law.
6) DO WE SELL OR “SHARE” PERSONAL INFORMATION?
We do not sell your personal information for money.
Some privacy laws define “sale” or “sharing” broadly to include certain disclosures of online identifiers and browsing activity to advertising/analytics partners (such as for remarketing or targeted advertising). Where we engage in those activities, you can opt out as described in Section 9 (“Your Privacy Rights and Choices”).
7) COOKIES, ANALYTICS, AND ADVERTISING/REMARKETING
We may use cookies and similar technologies (pixels, tags, web beacons) for:
• Essential Site functionality
• Preferences and performance
• Analytics (understanding usage)
• Advertising/remarketing (showing ads based on visits to our Site)
Your choices:
• Browser controls: You can usually set your browser to block or delete cookies. Some Site features may not work properly without cookies.
• Advertising controls: You may be able to opt out of interest-based ads through platform settings (e.g., Google/YouTube, Meta) and industry opt-out tools.
• Opt-out signals: Where required by applicable law, we will honor valid opt-out preference signals and other opt-out mechanisms.
If you believe tracking tools are being used on a page where you are submitting sensitive information and you want to report it, contact our Privacy Officer.
8) EMAIL, TEXT MESSAGES, AND PHONE COMMUNICATIONS
If you provide your phone number or email, we may contact you for:
• Scheduling and reminders
• Customer/patient support
• Administrative notices
• Marketing messages (where permitted)
Marketing opt-out:
• Emails: use the “unsubscribe” link (if included) or contact us.
• Texts: reply STOP to marketing texts (message/data rates may apply; message frequency varies).
Security note: Standard email/SMS may not be fully secure. Please avoid sending highly sensitive medical information via standard email or text.
9) YOUR PRIVACY RIGHTS AND CHOICES (MARYLAND AND OTHER APPLICABLE LAWS)
Depending on where you live and the context of the data, you may have rights to:
• Access: request access to personal data we maintain about you
• Correction: request we correct inaccurate personal data
• Deletion: request we delete personal data (subject to legal/recordkeeping exceptions)
• Portability: request a copy of certain data in a portable format
• Opt out: opt out of processing for targeted advertising, certain profiling, and certain “sale”/“sharing” of personal data as defined by law
• Revoke consent: where processing is based on consent, you may revoke it (with legal exceptions)
• Appeal: if we deny a request, you may have the right to appeal our decision
How to submit a request:
Email: contactus@ultimatewell.com with the subject line “Privacy Request”
Or mail: 5732 Buckeystown Pike, Unit 4, Frederick, MD 21704
Or call: 240-931-0139
We will take steps to verify your identity before responding. We will respond within the time required by applicable law. We will not discriminate against you for exercising privacy rights.
Authorized agent:
Where permitted by law, you may use an authorized agent to submit an opt-out request on your behalf, subject to verification.
10) DATA RETENTION
We retain information for as long as reasonably necessary for the purposes described above and as required by law. Healthcare records (and related PHI) are retained according to applicable medical record retention requirements.
11) SECURITY
We use reasonable administrative, technical, and physical safeguards designed to protect information. However, no system can be guaranteed 100% secure.
12) CHILDREN’S PRIVACY
The Site is not directed to children, and we do not knowingly collect personal information from children without appropriate authorization. If you believe a child has provided information to us, contact our Privacy Officer.
13) CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time. The “Last Updated” date above reflects the most recent revision. Continued use of the Site after changes means you accept the updated policy.