Website privacy policy

This policy is intended to comply with applicable federal and state privacy laws, including but not limited to the California Consumer Privacy Act (as amended by the CPRA), Colorado Privacy Act, Connecticut Data Privacy Act, Maryland Online Data Privacy Act, Texas Data Privacy and Security Act, New Jersey Data Privacy Act, and other applicable laws. 

This Policy does not replace or modify our HIPAA Notice of Privacy Practices (“NPP”), which governs how we use and disclose protected health information (“PHI”) for patients receiving medical care.

GenesisCare USA of Florida, LLC, dba SunState Medical Specialists ("SunState Medical Specialists") is affiliated with OneOncology, LLC (“OneOncology”), a management services organization that provides administrative and operational support services to affiliated physician practices. This Privacy Policy applies solely to personal information collected through this Practice’s Website.

OneOncology maintains its own separate Privacy Policy applicable to its corporate website and enterprise-level operations. Nothing in this Policy modifies or replaces the OneOncology Privacy Policy or the Practice’s HIPAA Notice of Privacy Practices. For clarity, the Practice is the HIPAA covered entity responsible for patient care and protected health information.

This Policy applies only to personal information collected through our Website. Information submitted through the Website may become PHI once associated with an individual receiving medical services, at which point it is governed by HIPAA and our NPP.

We do not intentionally collect PHI through the Website except through secure, designated channels. Appointment request forms and designated patient communication portals are transmitted using encrypted connections where commercially reasonable and supported by our service providers.  Submission of information via unsecured email may not be encrypted and users are encouraged not to submit sensitive health information through non-secure channels. 

In the preceding twelve (12) months, we have collected the categories of personal information described in this section. 

We may collect the following categories of personal information:
• Identifiers (name, email address, phone number, IP address)
• Internet or network activity (pages visited, referring URLs, device type)
• General geolocation data (derived from IP address)
• Communications submitted via contact or appointment request forms

We do not knowingly collect or process sensitive personal information for purposes of targeted advertising, profiling with legal or similarly significant effects, or secondary commercial purposes. We do not use or disclose sensitive personal information for purposes other than those permitted by law.

Sources of Personal Information

We collect personal information:
• Directly from you
• Automatically through cookies, pixels, and similar technologies
• From service providers that support website functionality, analytics, and security

How We Use Personal Information

We collect and process personal data that is reasonably necessary and proportionate to achieve the purposes for which it was collected, as required by applicable law.  We do not process personal data for purposes that are not reasonably necessary or compatible with disclosed purposes without obtaining appropriate consent where required. 

We use personal information to:
• Respond to inquiries and appointment requests
• Operate, maintain, and improve our Website
• Communicate regarding services or updates
• Protect the security and integrity of our systems
• Comply with legal and regulatory obligations
• Support business operations, including corporate transactions

We use cookies, pixels, web beacons, and similar tracking technologies to operate and secure the Website, analyze usage trends, and improve user experience. These technologies may collect IP address, device information, browser types, pages visited, time spent on pages, and referring URLs.  We may use analytics tools, pixels, cookies, and similar technologies that may constitute ‘targeted advertising’ or ‘sharing’ under certain state privacy laws. These technologies may collect information about your interactions with our website over time and across different websites. 

Analytics tools may be provided by third-party vendors acting on our behalf under contractual safeguards. We do not permit third-party advertising networks to collect protected health information through the Website. We honor legally recognized universal opt-out preference signals, including Global Privacy Control (GPC), where required by applicable law. 

Where required by applicable law, users may manage cookie preferences through available consent tools. Users may also adjust browser settings to limit cookies; however, certain Website features may not function properly if cookies are disabled.  Users may manage cookie preferences through our cookie consent management tool, where required by law. 

We may disclose personal information to:
• Service providers (hosting, analytics, IT security)
• Professional advisors (legal, accounting)
• Government authorities when required by law
• Successors in the event of a merger, acquisition, or reorganization

We do not sell personal information for monetary consideration. Certain disclosures to analytics or service providers may constitute a “sale” or “sharing” under certain state laws.

We retain personal information only for as long as reasonably necessary to fulfill the purposes described in this Policy, including complying with legal obligations, resolving disputes, enforcing agreements, and maintaining security.  Retention periods are determined based on the nature of the information, the purposes for processing, legal requirements, and operational necessity. 

Data Security

We maintain reasonable administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, disclosure, alteration, or destruction.

Certain state privacy laws may provide residents with rights regarding their personal information, including the right to access, correct, delete, or opt out of certain data uses. We will honor applicable privacy rights in accordance with law.

Depending on your state of residence, you may have the following rights: 

• Right to access personal information
• Right to correct inaccurate personal information
• Right to delete personal information
• Right to opt out of targeted advertising or sharing
• Right to limit use of sensitive personal information (where applicable)
• Right to appeal a denial of a privacy request (CO, CT, TX, NJ, MD)
• Right to designate an authorized agent (CA and where applicable)

To submit a privacy request, please contact us using the information below. We may require verification of your identity before processing requests.  We will respond to verified consumer requests within the timeframes required by applicable law.  If we deny your request, you may have the right to appeal our decision.  Appeal instructions will be provided in our written response to your requ

Children’s Privacy

Our Website is not directed to children under 13 years of age, and we do not knowingly collect personal information from children.

Our Website may contain links to third-party websites. We are not responsible for the privacy practices or content of those external sites.

Where required by applicable law, we recognize and process universal opt-out preference signals sent by your browser. 

Sensitive Data & Profiling

We do not process sensitive personal data for purposes of profiling in furtherance of decisions that produce legal or similarly significant effects concerning consumers. 

This Policy is reviewed at least annually and updated as necessary to reflect changes in legal requirements, technology, and business practices. Updates will be posted on the Website with a revised effective date. Continued use of the Website after changes indicates acceptance of the updated Policy.