Privacy Policy

Privacy Policy
Notice of Privacy Practice

Privacy Policy

Effective date: 18-November-2025
Updated on: 19-November-2025

This Privacy Policy explains the policies of https://www.goldenstatedermatology.com/ on the collection, use, disclosure and protection of personal data we collect when you access https://www.goldenstatedermatology.com/ (the “Service”). This Privacy Policy defines and describes your privacy rights and how you are protected under applicable
privacy laws.

By using our Service, you are consenting to the collection and use of your personal data in accordance with this Privacy Policy. Please do not access or use our Service if you do not consent to the collection and use of your information as outlined in this Privacy Policy.

WHAT INFORMATION DO WE COLLECT, FOR WHAT PURPOSES, AND ON WHAT LEGAL BASIS.

The definitions of legal basis used below are understood as follows:

  • Legitimate interest: interest of the Company or of a third party, provided that your interests or the fundamental rights and freedoms are not overriding, and such use of your persona; details balanced against your human rights and freedoms.
  • Contract performance: processing your personal data where it is necessary for the performance of a contract to which you are a party or to take
    pre-contractual measures before entering such a contract.
  • Legal Obligations: processing your personal data where it is necessary for compliance with a legal or regulatory obligations that we are subject to.
  • Consent: your consent shall mean any freely given, specific, informed, and unambiguous indication of your wishes by which you, by a statement or by a clear affirmative action, signify your agreement to the processing of personal data relating to you. We can request your consent for processing when we do not have another legal basis for processing your data.

ONLINE IDENTIFIERS & DEVICE INFORMATION.

What We Collect: IP Address, Device Identifiers (e.g., MAC address, IMEI), Browser Type and Version, Operating System
Purpose: To secure our platform, optimize performance, and understand technical usage.
Retention Period: 30 days
Legal Basis: Consent

PREFERENCES AND BEHAVIORAL DATA.

What We Collect: User Interests and Preferences
Purpose: To personalize recommendations, ads, and content.
Retention Period: 30 days
Legal Basis: Consent

HOW DO WE OBTAIN YOUR PERSONAL DATA.

WE COLLECT INFORMATION YOU PROVIDE DIRECTLY TO US WHEN YOU:

  • Fill in any forms
  • Use our Services
  • Correspond with us
  • Speak with a member of our Clients’ support team
  • Contact us for other reasons
  • Marketing and analytics tools

REQUIREMENTS TO PROVIDE PERSONAL DATA:

In certain cases, the provision of personal data is either a legal or contractual requirement, or a requirement necessary to enter into a contract.

We do not transfer personal data to any third countries outside the European Economic Area (EEA).

DATA SUBJECT RIGHTS.

YOU HAVE THE FOLLOWING RIGHTS REGARDING YOUR PERSONAL DATA:

  • Right of Access: You may request a copy of the personal data we hold about you.
  • Right to Rectification: You can ask us to correct any inaccurate or incomplete information.
  • Right to Erasure (Right to be Forgotten): Under certain conditions, you may request the deletion of your personal data.
  • Right to Restrict Processing: You can request the limitation of processing of your personal data under specific circumstances.
  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transfer that data to another controller
  • Right to Object: In some cases, you may object to the processing of your personal data.
  • Right to be Informed: You have the right to be provided with clear, transparent and easily understandable information about how we process your personal data.

WITHDRAWAL OF CONSENT:

In accordance with Article 13(2)(c) of the GDPR, you have the right to withdraw your consent to the processing of your personal data at any time. As a visitor to this website, you can easily adjust or withdraw your consent directly via the consent banner provided on the site. Alternatively, if you prefer, you may contact the website operator using the contact details provided in this privacy policy. Please note that withdrawing your consent does not affect the lawfulness of any processing carried out before your withdrawal.

To exercise these rights, please contact us at [email protected].

We will exercise your rights only after receives your written request to exercise a particular right indicated above and only after confirming the validity of your identity.

Your requests shall be fulfilled, or fulfilment of your requests shall be refused by specifying the reasons for such refusal, within one month from the date of submission of the request meeting our internal rules and GDPR. The period may be extended by two further months if the request is related to a great scope of personal data or other simultaneously examined requests. We will inform you of any such extension within one month of receipt of the request, together with the reasons for the delay. A response to you will be provided in a form of your choosing as the requester.

We may refuse to satisfy your request if the exceptions and/or limitations to the exercise of data subjects’ rights set out in the GDPR apply, and/or if your request is found to be manifestly unfounded or disproportionate. If we refuse to satisfy your request, we will give you our reasons for such refusal in writing.

RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY

If you believe that our processing of your personal data violates applicable data protection laws, you have the right to lodge a complaint with a competent
supervisory authority. For example, if you reside in the European Union, you may contact your national Data Protection Authority. Detailed contact information
for your supervisory authority can typically be found on its official website.

Please note that, although no system of technology is completely secure, we have to implement appropriate security measures in order to minimize the risks of
unauthorized access to or improper use of your personal information.

SECURITY

Please note that, although no system of technology is completely secure, we have to implement appropriate security measures in order to minimize the risks of unauthorized access to or improper use of your personal information.

  • We and our third-party service providers that may be engaged in the processing of personal data on our behalf (for the purposes indicated above) are contractually obligated to respect the confidentiality of the personal data.
  • We implement reasonable security practices and procedures to help protect the confidentiality and security of your information, including any non-public personal information. We protect your information using reasonable physical, technical, and administrative security measures, including by limiting access to your information to employees with a need to know such information.

CHANGES TO THIS POLICY

We regularly review this Privacy Policy and reserve the right to modify it at any time in accordance with applicable laws and regulations. Any changes will take effect immediately upon their publication on our Website.

Please review this Privacy Policy from time to time to stay updated regarding any changes.

CONTACT US

For any questions, please contact us through the following methods:

  • Name: Golden State Dermatology
  • Address: 370 N. Wiget Lane, Walnut Creek, CA 94598
  • Email: [email protected]
  • Website: https://www.goldenstatedermatology.com/
  • Phone: (925) 278-7799

NOTICE OF PRIVACY PRACTICES

CALKIN AND BOUDREAUX DERMATOLOGY ASSOCIATES

Beth Santizo Privacy Officer 916-646-3376

Effective Date: 09/15/13

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

We understand the importance of privacy and are committed to maintaining the confidentiality of your medical information. We make a record of the medical care we provide and may receive such records from others. We use these records to provide or enable other health care providers to provide quality medical care, to obtain payment for services provided to you as allowed by your health plan and to enable us to meet our professional and legal obligations to operate this medical practice properly. We are required by law to maintain the privacy of protected health information, to provide individuals with notice of our legal duties and privacy practices with respect to protected health information, and to notify affected individuals following a breach of unsecured protected health information. This notice describes how we may use and disclose your medical information. It also describes your rights and our legal obligations with respect to your medical information. If you have any questions about this Notice, please contact our Privacy Officer listed above.

TABLE OF CONTENTS

A. How This Medical Practice May Use or Disclose Your Health Information ……………………………. p.1

B. When This Medical Practice May Not Use or Disclose Your Health Information…………………….. p.4

C. Your Health Information Rights ………………………………………………………………………………………… p.4

1. Right to Request Special Privacy Protections

2. Right to Request Confidential Communications

3. Right to Inspect and Copy

4. Right to Amend or Supplement

5. Right to an Accounting of Disclosures

6. Right to a Paper or Electronic Copy of this Notice

D. Changes to this Notice of Privacy Practices…………………………………………………………………………. p.6

E. Complaints ……………………………………………………………………………………………………………………… p.6

A. How This Medical Practice May Use or Disclose Your Health Information

The medical record is the property of this medical practice, but the information in the medical record belongs to you. The law permits us to use or disclose your health information for the following purposes:

1. Treatment. We use medical information about you to provide your medical care. We disclose medical information to our employees and others who are involved in providing the care you need.

For example, we may share your medical information with other physicians or other health care providers who will provide services that we do not provide or we may share this information with a pharmacist who needs it to dispense a prescription to you, or a laboratory that performs a test. We may also disclose medical information to members of your family or others who can help you when you are sick or injured, or following your death.

2. Payment. We use and disclose medical information about you to obtain payment for the services we provide. For example, we give your health plan the information it requires for payment. We may also disclose information to other health care providers to assist them in obtaining payment for services they have provided to you.

3. Health Care Operations. We may use and disclose medical information about you to operate this medical practice. For example, we may use and disclose this information to review and improve the quality of care we provide, or the competence and qualifications of our professional staff. Or we may use and disclose this information to get your health plan to authorize services or referrals. We may also use and disclose this information as necessary for medical reviews, legal services and audits, including fraud and abuse detection and compliance programs and business planning and management. We may also share your medical information with our “business associates,” such as our billing service, that perform administrative services for us. We have a written contract with each of these business associates that contains terms requiring them and their subcontractors to protect the confidentiality and security of your medical information. Although federal law does not protect health information which is disclosed to someone other than another healthcare provider, health plan, healthcare clearinghouse, or one of their business associates, California law prohibits all recipients of healthcare information from further disclosing it except as specifically required or permitted by law.

We may also share your information with other health care providers, health care clearinghouses or health plans that have a relationship with you, when they request this information to help them with their quality assessment and improvement activities, their patient-safety activities, their population based efforts to improve health or reduce health care costs, protocol development, case management or care coordination activities, their review of competence, qualifications and performance of health care professionals, their training programs, their accreditation, certification or licensing activities, their activities related to contracts of health insurance or health benefits, or their health care fraud and abuse detection and compliance efforts. We may also share medical information about you with the other health care providers, health care clearinghouses and health plans that participate with us in “organized health care arrangements” (OHCAs) for any of the OHCAs’ health care operations. OHCAs include hospitals, physician organizations, health plans, and other entities which collectively provide health care services. A listing of the OHCAs we participate in is available from the Privacy Official.

4Appointment Reminders. We may use and disclose medical information to contact and remind you about appointments. If you are not home, we may leave this information on your answering machine or in a message left with the person answering the phone.

5. Sign-in Sheet. We may use and disclose medical information about you by having you sign in when you arrive at our office. We may also call out your name when we are ready to see you.

6. Notification and Communication with Family. We may disclose your health information to notify or assist in notifying a family member, your personal representative or another person responsible for your care about your location, your general condition or, unless you have instructed us otherwise, in the event of your death. In the event of a disaster, we may disclose information to a relief organization so that they may coordinate these notification efforts. We may also disclose information to someone who is involved with your care or helps pay for your care. If you are able and available to agree or object, we will give you the opportunity to object prior to making these disclosures, although we may disclose this information in a disaster even over your objection if we believe it is necessary to respond to the emergency circumstances. If you are unable or unavailable to agree or object, our health professionals will use their best judgment in communication with your family and others.

7. Marketing. Provided we do not receive any payment for making these communications, we may contact you to encourage you to purchase or use products or services related to your treatment, case management or care coordination, or to direct or recommend other treatments, therapies, health care providers or settings of care that may be of interest to you. We may similarly describe products or services provided by this practice and tell you which health plans we participate in., We may receive financial compensation to talk with you face-to-face, to provide you with small promotional gifts, or to cover our cost of reminding you to take and refill your medication or otherwise communicate about a drug or biologic that is currently prescribed for you, but only if you either: (1) have a chronic and seriously debilitating or life-threatening condition and the communication is made to educate or advise you about treatment options and otherwise maintain adherence to a prescribed course of treatment, or (2) you are a current health plan enrollee and the communication is limited to the availability of more cost-effective pharmaceuticals. If we make these communications while you have a chronic and seriously debilitating or life-threatening condition, we will provide notice of the following in at least 14-point type: (1) the fact and source of the remuneration; and (2) your right to opt-out of future remunerated communications by calling the communicator’s toll-free number. We will not otherwise use or disclose your medical information for marketing purposes or accept any payment for other marketing communications without your prior written authorization. The authorization will disclose whether we receive any financial compensation for any marketing activity you authorize, and we will stop any future marketing activity to the extent you revoke that authorization.

8. Sale of Health Information. We will not sell your health information without your prior written authorization. The authorization will disclose that we will receive compensation for your health information if you authorize us to sell it, and we will stop any future sales of your information to the extent that you revoke that authorization.

9. Required by Law. As required by law, we will use and disclose your health information, but we will limit our use or disclosure to the relevant requirements of the law. When the law requires us to report abuse, neglect or domestic violence, or respond to judicial or administrative proceedings, or to law enforcement officials, we will further comply with the requirement set forth below concerning those activities.

10Public Health. We may, and are sometimes required by law to disclose your health information to public health authorities for purposes related to: preventing or controlling disease, injury or disability; reporting child, elder or dependent adult abuse or neglect; reporting domestic violence; reporting to the Food and Drug Administration problems with products and reactions to medications; and reporting disease or infection exposure. When we report suspected elder or dependent adult abuse or domestic violence, we will inform you or your personal representative promptly unless in our best professional judgment, we believe the notification would place you at risk of serious harm or would require informing a personal representative we believe is responsible for the abuse or harm.

11. Health Oversight Activities. We may, and are sometimes required by law to disclose your health information to health oversight agencies during the course of audits, investigations, inspections, licensure and other proceedings, subject to the limitations imposed by federal and California law.

12Judicial and Administrative Proceedings. We may, and are sometimes required by law, to disclose your health information in the course of any administrative or judicial proceeding to the extent expressly authorized by a court or administrative order. We may also disclose information about you in response to a subpoena, discovery request or other lawful process if reasonable efforts have been made to notify you of the request and you have not objected, or if your objections have been resolved by a court or administrative order.

13. Law Enforcement. We may, and are sometimes required by law, to disclose your health information to a law enforcement official for purposes such as identifying of locating a suspect, fugitive, material witness or missing person, complying with a court order, warrant, grand jury subpoena and other law enforcement purposes.

14. Coroners. We may, and are often required by law, to disclose your health information to coroners in connection with their investigations of deaths.

15. Organ or Tissue Donation. We may disclose your health information to organizations involved in procuring, banking or transplanting organs and tissues.

16. Public Safety. We may, and are sometimes required by law, to disclose your health information to appropriate persons in order to prevent or lessen a serious and imminent threat to the health or safety of a particular person or the general public.

17. Proof of Immunization. We will disclose proof of immunization to a school where the law requires the school to have such information prior to admitting a student if you have agree to the disclosure on behalf of yourself or your dependent.

18. Specialized Government Functions. We may disclose your health information for military or national security purposes or to correctional institutions or law enforcement officers that have you in their lawful custody.

19. Workers’ Compensation. We may disclose your health information as necessary to comply with workers’ compensation laws. For example, to the extent your care is covered by workers’ compensation, we will make periodic reports to your employer about your condition. We are also required by law to report cases of occupational injury or occupational illness to the employer or workers’ compensation insurer.

20. Change of Ownership. In the event that this medical practice is sold or merged with another organization, your health information/record will become the property of the new owner, although you will maintain the right to request that copies of your health information be transferred to another physician or medical group.

21. Breach Notification. In the case of a breach of unsecured protected health information, we will notify you as required by law. If you have provided us with a current email address, we may use email to communicate information related to the breach. In some circumstances our business associate may provide the notification. We may also provide notification by other methods as appropriate. 

B. When This Medical Practice May Not Use or Disclose Your Health Information

C. Your Health Information Rights

1. Right to Request Special Privacy Protections. You have the right to request restrictions on certain uses and disclosures of your health information by a written request specifying what information you want to limit, and what limitations on our use or disclosure of that information you wish to have imposed. If you tell us not to disclose information to your commercial health plan concerning healthcare items or services for which you paid for in full out-of-pocket, we will abide by your request, unless we must disclose the information for treatment or legal reasons. We reserve the right to accept or reject any other request, and will notify you of our decision.

2. Right to Request Confidential Communications. You have the right to request that you receive your health information in a specific way or at a specific location. For example, you may ask that we send information to a particular email account or to your work address. We will comply with all reasonable requests submitted in writing which specify how or where you wish to receive these communications.

3. Right to Inspect and Copy. You have the right to inspect and copy your health information, with limited exceptions. To access your medical information, you must submit a written request detailing what information you want access to, whether you want to inspect it or get a copy of it, and if you want a copy, your preferred form and format. We will provide copies in your requested form and format if it is readily producible, or we will provide you with an alternative format you find acceptable, or if we can’t agree and we maintain the record in an electronic format, your choice of a readable electronic or hardcopy format. We will also send a copy to any other person you designate in writing. We will charge a reasonable fee which covers our costs for labor, supplies, postage, and if requested and agreed to in advance, the cost of preparing an explanation or summary, as allowed by federal and California law. We may deny your request under limited circumstances. If we deny your request to access your child’s records or the records of an incapacitated adult you are representing because we believe allowing access would be reasonably likely to cause substantial harm to the patient, you will have a right to appeal our decision. If we deny your request to access your psychotherapy notes, you will have the right to have them transferred to another mental health professional.

4. Right to Amend or Supplement. You have a right to request that we amend your health information that you believe is incorrect or incomplete. You must make a request to amend in writing, and include the reasons you believe the information is inaccurate or incomplete. We are not required to change your health information, and will provide you with information about this medical practice’s denial and how you can disagree with the denial. We may deny your request if we do not have the information, if we did not create the information (unless the person or entity that created the information is no longer available to make the amendment), if you would not be permitted to inspect or copy the information at issue, or if the information is accurate and complete as is. If we deny your request, you may submit a written statement of your disagreement with that decision, and we may, in turn, prepare a written rebuttal. You also have the right to request that we add to your record a statement of up to 250 words concerning anything in the record you believe to be incomplete or incorrect. All information related to any request to amend or supplement will be maintained and disclosed in conjunction with any subsequent disclosure of the disputed information.

5. Right to an Accounting of Disclosures. You have a right to receive an accounting of disclosures of your health information made by this medical practice, except that this medical practice does not have to account for the disclosures provided to you or pursuant to your written authorization, or as described in paragraphs 1 (treatment), 2 (payment), 3 (health care operations), 6 (notification and communication with family) and 18 (specialized government functions) of Section A of this Notice of Privacy Practices or disclosures for purposes of research or public health which exclude direct patient identifiers, or which are incident to a use or disclosure otherwise permitted or authorized by law, or the disclosures to a health oversight agency or law enforcement official to the extent this medical practice has received notice from that agency or official that providing this accounting would be reasonably likely to impede their activities.

D. Changes to this Notice of Privacy Practices

We reserve the right to amend our privacy practices and the terms of this Notice of Privacy Practices atany time in the future. Until such amendment is made, we are required by law to comply with this Notice. After an amendment is made, the revised Notice of Privacy Protections will apply to all protected health information that we maintain, regardless of when it was created or received. We will keep a copy of the current notice posted in our reception area, and a copy will be available at each appointment.  We will also post the current notice on our website.

E. Complaints

Complaints about this Notice of Privacy Practices or how this medical practice handles your health information should be directed to our Privacy Officer listed at the top of this Notice of Privacy Practices. If you are not satisfied with the manner in which this office handles a complaint, you may submit a formal complaint to:

Region IX
Office for Civil Rights
U.S. Department of Health & Human Services
90 7th Street, Suite 4-100
San Francisco, CA 94103

(800) 368-1019; (800) 537-7697 (TDD)

[email protected]

The complaint form may be found at www.hhs.gov/ocr/privacy/hipaa/complaints/hipcomplaint.pdf

You will not be penalized in any way for filing a complaint.

Your Cookie Settings