Privacy Policy & Notice of Privacy Practices

1. Introduction

PT of The City is a premier physical therapy and rehabilitation network founded in 2020, operating over 30 neighborhood clinics across New York City. We utilize sophisticated diagnostic methods and evidence-based care to treat patients of all ages, providing a patient-centric, concierge approach to rehabilitation.

This Privacy Policy governs our data collection, processing, and retention practices across our digital properties, including our website at https://www.ptofthecity.com/, and our marketing and administrative operations. We safeguard your privacy in strict accordance with the Health Insurance Portability and Accountability Act (HIPAA) and the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA).

2. HIPAA Notice of Privacy Practices

As a medical provider, any Protected Health Information (PHI) you provide to us is strictly confidential. We use your health information solely for treatment, payment, and healthcare operations. We implement robust physical, administrative, and technical safeguards to secure your medical data. You retain the right to request access to your medical records, request amendments, and restrict how your health information is used or disclosed.

3. What We Collect & Why

We collect specific categories of personal data to effectuate our healthcare services and digital operations:

• Information You Provide Directly: We collect identifiers (Name, Email, Phone Number, Address, City, State, Province, ZIP/Postal code) and sensitive health information to establish your patient profile and formulate treatment plans.
• Information Collected Automatically: We automatically collect location data, usage analytics, cookies, tracking data, and device information to maintain secure, user-friendly digital infrastructure.
• Information from Third Parties: We receive aggregated usage metrics and security threat intelligence from third-party vendors to protect network integrity.

4. How We Use Your Information

We process personal information exclusively for specific, explicit, and legitimate purposes:

• Core Service Delivery: Administering physical therapy, managing appointments, and fulfilling contractual obligations.
• Service Improvement: Analyzing usage to enhance our digital interfaces and concierge approach.
• Communication: Transmitting appointment reminders, clinical updates, and administrative notices.
• Security & Fraud Prevention: Detecting and mitigating malicious activities to protect our infrastructure.
• Legal Compliance: Retaining necessary records to comply with statutory mandates, including HIPAA and state medical board requirements.
• Marketing: Sending SMS and email campaigns containing news, health tips, and promotional materials. You may opt out at any time.

5. When We Share Your Information

We maintain strict limitations on external data dissemination and do not sell your personal data to any third party. We only disclose information under these circumstances:

• Essential Service Providers: We share necessary data with vetted vendors (e.g., Cloudflare for security, Google Analytics for tracking) who process data strictly per our instructions.
• Legal Requirements: Disclosures to regulatory authorities or law enforcement when legally compelled.
• Business Transitions: Transfers to successor entities during mergers or acquisitions, provided they assume the obligations of this Policy.
• With Consent: Sharing data for alternative purposes only with your prior, unambiguous consent.

6. Cookies, Tracking & Advertising

While we do not show third-party display ads on our website, we utilize tracking technologies for functionality and our own marketing initiatives:

• Google Analytics: We use Google Analytics with advanced features enabled (ga advertising=true and ga signals=true). This permits cross-device tracking and enhanced demographic data collection for users who enable personalized advertising in their Google accounts.
• Google Ads Remarketing: We use remarketing to advertise PT of The City across the internet. Google uses cookies to serve ads based on your past visits to our site.
• Invisible reCAPTCHA: We deploy Google's Invisible reCAPTCHA to protect our site from spam.
• Managing Preferences: We honor Global Privacy Control (GPC) signals as valid opt-out requests for targeted advertising and tracking.

7. Data Security

Our security posture aligns with SOC 2 compliance standards to ensure data confidentiality and integrity.

• Protective Measures: We employ advanced encryption (in transit and at rest), strict role-based access controls (RBAC), and Cloudflare to mitigate DDoS attacks.
• User Responsibilities: We advise maintaining account credential confidentiality and accessing our services through secure networks.
• Breach Notification: In the event of a confirmed breach of sensitive information, we will notify you and regulatory authorities without undue delay per HIPAA Rules.

8. Data Retention

We enforce strict retention schedules to minimize data exposure:

• Active Account Data: Retained for the duration of our clinical relationship plus an administrative buffer.
• Medical and Financial Records: Retained for a minimum of six (6) to seven (7) years following the last date of service, pursuant to New York State law and HIPAA.
• Marketing Preferences: Retained until you formally withdraw consent.
• Technical Logs: Routine server logs and analytics are retained for no more than twelve (12) months.

9. Your Privacy Rights

You possess actionable rights regarding your personal information under applicable laws like the CCPA/CPRA:

• Access: Request disclosure of specific data collected (fulfilled within 45 days).
• Correction: Request rectification of inaccurate records.
• Deletion: Request erasure of personal data, subject to legal/medical retention exceptions.
• Data Portability: Receive a copy of your data in a machine-readable format.
• Opt-Out: Opt out of marketing communications and targeted advertising tracking.
• Withdraw Consent: Revoke previously granted processing consent at any time.

10. Children's Privacy

We provide physical therapy to pediatric populations and strictly adhere to the Children's Online Privacy Protection Act (COPPA). We do not knowingly collect digital information from children under thirteen (13) without verifiable parental consent. All intake and medical forms for minors must be executed by a legally authorized guardian.

11. International Transfers

PT of The City is domiciled in the United States. However, through global infrastructure providers like Cloudflare, certain technical routing data may temporarily process outside the US. We ensure these vendors are bound by robust agreements and Standard Contractual Clauses (SCCs) to protect your privacy globally.

12. Changes to this Policy

We reserve the right to amend this Policy to reflect operational or legal changes. Material modifications will be posted on this website with an updated "Effective Date." We will seek affirmative consent for significant changes affecting sensitive personal information where legally required.

13. Contact Us

For questions, privacy inquiries, or rights requests, contact us at:

• Email: info@ptofthecity.com
• Phone: (718) 648-0888
• Fax: (855) 955-3899
• Address: 8403 3rd Avenue, Brooklyn, NY 11209, United States

SMS Privacy Policy

PT of The City respects your privacy regarding any text messages (SMS) you receive from us.

• No Third-Party Sharing: We use your phone number strictly to communicate regarding your healthcare, appointment reminders, and our marketing campaigns. We do not share, sell, or distribute your phone number, opt-in data, or consent to any third parties or affiliates for their marketing purposes.
• Data Security: Your phone number is stored securely within our HIPAA-compliant communication infrastructure.

SMS Terms & Conditions

By providing your phone number to PT of The City, you agree to the following terms regarding SMS communication:

• Program Description: We utilize SMS messaging for appointment reminders, clinic news, health tips, and marketing promotions.
• Consent to Receive Messages: By providing your mobile number, you explicitly consent to receive automated and manual text messages. Consent is not a condition of purchasing any services.
• Message Frequency: Frequency varies based on your appointment schedule and promotional cycles.
• Rates: Standard message and data rates may apply depending on your cellular carrier.
• How to Opt-Out: You may opt out at any time by replying STOP to any message. You will receive a final confirmation, and no further messages will be sent unless you re-enroll.
• Customer Support: Reply HELP for assistance, or contact us directly at (718) 648-0888.
• Carrier Liability: Carriers are not liable for delayed or undelivered messages.