World of Plastic Surgery Aesthetic LLC (“World of Plastic Surgery,” “WOPS,” “we,” “us,” or “our”)
Updated: September 10, 2025

1) Who We Are & Scope

Welcome to World of Plastic Surgery Aesthetic LLC. We are committed to protecting your privacy and securing your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you interact with our clinic, website, and communication channels, including:

Our website: www.wopsurgery.com

Phone, voicemail, email, web forms, live chat, and SMS/text messaging

Patient-facing services such as scheduling, reminders, pre-/post-op communications, and financing inquiries

By accessing or using our services, you agree to the practices described in this Policy. We may update this Policy to reflect changes in our practices or legal requirements. If we make material changes, we’ll update the “Updated” date and, where required, provide additional notice.

HIPAA Notice of Privacy Practices (NPP). Protected Health Information (“PHI”) is governed by our NPP provided at or before care. If you submit or discuss health information via our website, email, or SMS, we treat it as PHI and handle it under HIPAA, the HITECH Act, and the HIPAA Omnibus Rule, in addition to this Policy.

Contact (Privacy):
World of Plastic Surgery Aesthetic LLC – Attention: Privacy Requests
659 Douglas Ave, Altamonte Springs, FL 32714

Phone: 407-710-9677 

Email: info@wopsurgery.com

Web: www.wopsurgery.com

2) Information We Collect

The information we collect depends on how you interact with us. Categories may include:

Identifiers: name, alias, postal address, email, phone number, IP address, online identifiers, account IDs.

Sensitive Personal Information: PHI you provide; precise geolocation (if enabled); government IDs (only if legally required); payment-related data processed by our PCI-compliant payment processors.

Commercial Information: services considered/purchased, financing inquiries, appointment details, procedure preferences.

Internet/Device Activity: pages viewed, timestamps, referral URLs, on-site search terms, browser/OS, IP-derived approximate location.

Professional/Demographic Info: occupation, language and preference information (if provided).

Communications & Metadata: calls, voicemails, emails, SMS/texts, and form submissions (e.g., date/time, delivery status).

User-Generated Content: public reviews/comments (including profile photo if you use services like Gravatar). If you upload public images, avoid EXIF/GPS data—others may extract it.

From Other Sources. Consistent with law and your preferences, we may obtain limited contact/interest data from public databases, social platforms, marketing partners, or event co-hosts to keep records current and deliver relevant outreach.

3) Cookies, Analytics & Targeted Advertising

We use cookies and similar technologies to:

Operate our site and remember preferences

Perform analytics and improve user experience

Where permitted, deliver targeted advertising

You can adjust cookie settings in your browser and, where available, via on-site controls. Some features may not function without certain cookies. In limited cases, we may share pseudonymous data with analytics/advertising providers. California/other US states: see Your Privacy Rights and Opt-Out options below.

4) How We Use Your Information

We use information to:

Provide & Personalize Services: schedule/manage appointments; deliver pre-/post-op instructions; respond to inquiries; support recovery communications.

Communicate with You: send confirmations, reminders, updates, and—where permitted—marketing communications (see §10 SMS/Email).

Payments & Financing: process payments via PCI DSS-compliant processors; respond to billing/financing inquiries.

Improve & Secure: conduct analytics, quality assurance, and service improvement; detect, prevent, and investigate fraud, spam, abuse, or security incidents.

Compliance: meet legal/regulatory obligations (e.g., HIPAA/medical records retention), safety notices, recalls, and to honor privacy rights requests.

We do not sell or lease your data for money. See also Data Sharing (below).

5) Data Sharing (Disclosures)

We share information as needed to operate our services and as permitted/required by law:

Healthcare Providers: clinical personnel involved in your care, per HIPAA and our NPP.

Your Authorized Representatives: individuals you authorize or who are legally authorized (e.g., parents/guardians).

Service Providers/Business Associates: hosting, EHR/EMR, scheduling, payments/financing (e.g., Stripe, Alphaeon, CareCredit, Cherry), analytics, email/SMS platforms, call centers. We require confidentiality, security safeguards, and (where PHI is involved) BAAs.

Advertising/Marketing Partners: only with your consent where required; opt-out options provided below.

Legal/Compliance: to comply with law, enforce terms, protect safety and rights, or respond to lawful requests.

We do not knowingly “sell” or “share” children’s personal information.

6) Retention

We retain information only as long as necessary for the purposes described here, to deliver services, and to comply with legal, regulatory, tax, or accounting requirements. PHI is retained under medical-records and state-law requirements.

Examples (non-PHI):

Convenience cookies (if you opt-in) may persist up to one year.

Login cookies typically last two days; display preference cookies up to one year.

Comments/reviews and related metadata on our website/socials may be retained to streamline moderation and recognize follow-ups.

7) Information Security & Incident Response

We implement administrative, technical, and physical safeguards (e.g., encryption in transit, access controls, logging/monitoring, workforce training, vendor risk management, vulnerability management, and incident response). No method is 100% secure, but we strive to continuously improve. If a security incident involves your information, we will notify you consistent with HIPAA and applicable state laws (allowing reasonable time to assess scope, restore integrity, and coordinate with law enforcement where necessary).

8) Your Privacy Rights

Your rights vary by data type and jurisdiction:

HIPAA (PHI): You may access, inspect, copy, amend, request restrictions, request confidential communications, and obtain an accounting of disclosures as described in our NPP.

California (CCPA/CPRA): Rights to know/access, delete, correct, opt out of “selling”/“sharing” for cross-context advertising, limit use/disclosure of sensitive personal information, and be free from discrimination for exercising rights. Authorized agents may submit requests, subject to verification.

Other US State Laws (e.g., CO/CT/VA/UT): We honor applicable rights to access, delete, correct, and opt out of targeted advertising/sale/profiling where required.

EEA/UK (GDPR): Where applicable, we process under lawful bases (consent, contract, legal obligation, vital/public interest, legitimate interests). You may access, rectify, erase, restrict, object, and request portability; you may withdraw consent at any time. Cross-border transfers rely on appropriate safeguards (e.g., SCCs).

Do Not Track. Some browsers send DNT signals; we currently do not respond to DNT. You can manage certain tracking via browser/device settings and available site controls.

Children’s Privacy. Our services are not directed to children under 13, and we do not knowingly collect personal information from them without verifiable parental consent. If we learn we collected such information, we will delete it.

9) International Transfers

If you are outside the United States, your information may be processed in the U.S. or other countries with different data protection laws. Where required, we implement appropriate safeguards for such transfers.

10) Email & SMS/Text Communications (HIPAA, HITECH, Omnibus Rule, TCPA, CAN-SPAM, Florida FTSA)

Security & PHI Caution

Email, social media, messenger apps, and SMS/text are not fully secure for PHI. Please avoid sending PHI or financial details via unencrypted channels. If you initiate communication this way, you authorize us to respond in kind and acknowledge the inherent risks. Secure alternatives (e.g., patient portal or encrypted messaging) are available upon request.

Administrative (Non-Marketing) Messages

We may send non-marketing, conversational, informational, and service-related messages—e.g., appointment reminders, pre/post-op instructions, and care coordination—consistent with law and your communication preferences.

Marketing/Promotional Messages

We send promotional email/SMS only with your prior consent where required by law. Consent is not a condition of purchase or care. You can withdraw consent at any time via the opt-out methods below.

SMS Terms (Summary)

Types of messages (examples): appointment reminders, confirmations, follow-ups related to care; occasional promotions or special offers (if you consent).

Frequency: varies by service and your preferences.

Rates: standard message/data rates may apply.

Opt-In: clear, affirmative action is required (e.g., checking a consent box, replying “YES,” or signing a consent). We do not use pre-checked boxes for marketing.

Opt-Out: reply STOP to any SMS to opt out; reply HELP for assistance. You can also call or email us to adjust preferences.

Recordkeeping: we maintain time-stamped consent/opt-out logs.

Do-Not-Call: we maintain opt-out lists and respect applicable federal/state registries and rules.

We do not sell or share your mobile number or SMS consent with third parties for their marketing purposes. Message frequency varies; “Msg & data rates may apply.”

CAN-SPAM (Email)

Marketing emails will include our mailing address, identify the message as an advertisement (where applicable), and provide a no-cost unsubscribe mechanism. We honor unsubscribes promptly in accordance with legal timeframes.

11) Payments & Financing

We process payments through third-party processors (e.g., Stripe) over encrypted channels. Our processors maintain PCI DSS compliance. We do not store full payment card numbers on our servers.

12) State-/Region-Specific Notices

Florida: We comply with Florida health-records and breach-notification requirements and the Florida Telephone Solicitation Act (FTSA) for text/call marketing.

CCPA/CPRA – Notice at Collection: We collect the categories described in §2 for the purposes in §4, retain data as described in §6 or our retention policy, and share as described in §5.

NIS2 (EU): We are a U.S. clinic and not an EU “essential/important” entity. We align our security and incident-management practices with recognized principles that are broadly consistent with NIS2 where applicable.

13) Your Choices & Controls

Opt-Out of SMS: Reply STOP to any text; HELP for help.

Opt-Out of Email: Use the “unsubscribe” link or contact us.

Targeted Advertising (where applicable): Use on-site controls, browser settings, or platform ad settings; California residents may use any available “Do Not Sell or Share My Personal Information”

Cookies: Adjust browser settings and available site controls.

14) Exercising Your Rights / Contact Us

To submit a privacy request (access, deletion, correction, opt-out, marketing preferences) or to appeal a decision:

Email: info@wopsurgery.com

Phone: 407-710-9677

Mail: World of Plastic Surgery Aesthetic LLC – Attention: Privacy Requests,

Address: 659 Douglas Ave, Altamonte Springs, FL 32714
For SMS, reply STOP to opt out or HELP for help. For general (non-privacy) questions, please contact the clinic using the information above.

15) Updates to This Policy

We may update this Privacy Policy from time to time. Updates take effect upon posting to www.wopsurgery.com and will be dated at the top. Where required, we will provide additional notice.

Short-Form SMS Terms & Conditions (for forms and footers)

By providing your mobile number and opting in, you agree to receive SMS from World of Plastic Surgery Aesthetic LLC. Message frequency varies. Msg & data rates may apply. Reply STOP to opt out; HELP for help. Consent is not a condition of purchase or care. We do not sell or share your number with third parties for their marketing. See our Privacy Policy for details.