Privacy Policy

Privacy Policy

Effective Date: February 7, 2026
Last Updated: February 7, 2026

1. Introduction

Mayra Alfonso Physiatry, PLLC (“Mayra Alfonso Physiatry,” “we,” “us,” or “our”) is committed to protecting the privacy and security of your information. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit drmayraalfonso.com (the “Website”), contact us, request information, or otherwise interact with our services (collectively, the “Services”).

This Website is intended for a general audience. Do not use the Website or its contact forms for medical emergencies. If you have a medical emergency, call 911 or go to the nearest emergency room.

2. HIPAA and Protected Health Information (PHI)

If you become a patient of Mayra Alfonso Physiatry, we will create, receive, and maintain information about you, including your health information. This information is classified as Protected Health Information (“PHI”) and is protected by the Health Insurance Portability and Accountability Act (“HIPAA”). Our specific duties and your rights concerning PHI are detailed in our Notice of Privacy Practices (NPP), which will be provided to you when you become a patient.

Important: The Website, its scheduling tools, and general contact forms are not designed for the submission of sensitive medical details. Please limit the information you share through the Website to what is necessary for us to contact you and coordinate next steps. Please do not send urgent or highly sensitive medical information through web forms or email.

3. Information We Collect

We collect information in a few different ways:

3.1 Information You Provide Directly

Depending on how you interact with us, we may collect:

• Contact Information: Name, email address, phone number, and mailing address.
• Inquiry Details: The content of messages you send to us, your preferred contact method, and details related to scheduling.
• Service-Related Information: General information you choose to share about your mobility goals or functional status when scheduling an initial consultation. Detailed clinical information will be gathered through our professional intake process after initial contact, not through web forms.
• Billing Information: When you pay for services, our payment processor (Stripe) handles your full payment card details. We only receive limited transaction information, such as confirmation of payment.

3.2 Information Collected Automatically

When you use the Website, we automatically collect technical information to ensure its proper functioning and to improve our services:

• Device and Usage Data: IP address, browser type, device identifiers, operating system, pages viewed, and time spent on pages.
• Cookies and Analytics: We use cookies and Google Analytics to operate the Website, remember user preferences, and understand performance and traffic trends. You can control cookies through your browser settings, though disabling them may affect Website functionality. You may also opt out of Google Analytics using Google’s browser add-on.

3.3 Information from Third Parties

We may receive information from third-party service providers, such as:

• Scheduling and Payment Processors: Our scheduling partner (Calendly) and payment processor (Stripe) provide us with scheduling details and confirmation of payment status.
• Referral Sources: If a family member, caregiver, or professional partner contacts us on your behalf, they may provide your contact information.

4. How We Use Your Information

We use the information we collect to:

• Respond to your requests, questions, and scheduling inquiries.
• Provide and administer our Services.
• Communicate with you about appointments and other administrative matters.
• Send administrative communications related to scheduling and services. If you opt in, we may also send informational updates.
• Improve our Website, content, and user experience.
• Maintain the security of our Website, prevent fraud, and monitor for malicious activity.
• Comply with all legal, regulatory, and professional obligations.

We do not sell your personal information.

5. How We Share Information

We only share your information in the following circumstances:

• With Service Providers: We share information with third-party vendors who help us operate our practice, such as for website hosting, email delivery, scheduling (Calendly), payment processing (Stripe), and analytics (Google Analytics). These providers are only permitted to use your information to perform services on our behalf. If these tools are embedded on our Website, they may collect information directly through their own cookies or similar technologies, subject to their own privacy policies.
• With Your Consent: We may share information if you ask us to coordinate with a caregiver, family member, or another provider.
• For Legal and Safety Reasons: We may disclose information to comply with the law, respond to lawful requests, or protect the rights and safety of our practice, our patients, or others.
• In a Business Transaction: If the practice is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction, with appropriate legal safeguards.

For any HIPAA-regulated disclosures of PHI, we will follow the detailed procedures outlined in our Notice of Privacy Practices (NPP).

6. Data Security

We maintain reasonable administrative, technical, and physical safeguards designed to protect your information from unauthorized access, disclosure, or destruction. However, no system is 100% secure, and we cannot guarantee the absolute security of your information.

7. Your Rights and Choices

Depending on your relationship with us, you may have the right to:

• Request access to or correction of your personal information.
• Opt out of marketing communications by using the unsubscribe link or contacting us directly.
• Request the deletion of your personal information, subject to our legal and operational retention needs.

Requests related to your medical records or PHI will be handled according to the processes described in our Notice of Privacy Practices (NPP). To exercise any of these rights, please contact us using the information provided in Section 12.

8. Data Retention

We retain personal information for as long as is reasonably necessary to fulfill the purposes described in this Policy, comply with our legal and professional obligations (including medical record retention laws), resolve disputes, and enforce our agreements.

9. Children’s Privacy

The Website is not directed to children under the age of 18, and we do not knowingly collect personal information from them. If you believe a child has provided us with personal information through the Website, please contact us, and we will take steps to delete it.

10. Third-Party Links

The Website may contain links to third-party websites or services (such as Calendly or Stripe). We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing them with your information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The “Last Updated” date at the top of this page indicates when it was last revised. We will post any material changes on the Website.

12. Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us at:

Mayra Alfonso Physiatry, PLLC
Attn: Dr. Mayra Alfonso, Privacy Officer
PO Box 880004
Boca Raton, FL 33434
Email: privacy@drmayraalfonso.com

13. Governing Law

This Privacy Policy is governed by the laws of the State of Florida, U.S.A., without regard to its conflict-of-law principles.