1. Who we are

Alfonso Patron DDS (“we”, “us”, “our”) is a dental practice located at 1600 Wilson Boulevard Suite 960, Arlington, VA 22209. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you visit www.drpatronperio.com or otherwise interact with us online, in compliance with applicable U.S. federal law, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Virginia Consumer Data Protection Act (“VCDPA”), and the data‑breach and consumer‑protection laws of the District of Columbia (“D.C.”).

2. Personal data we collect

We collect information that identifies, relates to, describes, or could reasonably be linked to an individual (“personal data”). This includes:

• - **Contact Information:** Name, email, phone, mailing address.

• - **Health Information (HIPAA “Protected Health Information”):** Medical history, insurance details, reason for visit, treatment records (collected only through secure forms or via our patient portal).

• - **Usage Data:** IP address, browser type, device ID, pages visited, time on site, referring URL.

• - **Marketing Preferences:** Records of your consent or opt‑out to receive communications.

We use cookies, pixels, and analytics tools (e.g., Google Analytics, Meta Pixel) to collect Usage Data. You can control cookies through your browser settings.

3. How we use personal data

• - **Provide Services:** Schedule appointments, deliver dental care, manage billing/insurance.

• - **Legal & Regulatory Compliance:** Maintain medical records as required by HIPAA, state dental boards, tax and consumer‑protection statutes.

• - **Practice Operations:** Monitor website performance, detect fraud, and improve services.

• - **Marketing (with consent):** Send newsletters, oral‑health tips, and promotional offers.

• - **Analytics & Targeted Advertising:** Measure the effectiveness of our content and ads. You may opt out—see Section 7.

4. Lawful bases for processing

For residents of Virginia, we process personal data under one or more lawful bases identified in the VCDPA, including (i) to perform a service requested by you, (ii) to comply with legal obligations, (iii) with your consent, or (iv) for our legitimate interests when these do not override your rights and freedoms.

5. Sharing & disclosure

We do **not** sell personal data. We disclose it only:

• - To service providers (IT hosting, analytics, appointment systems, email platforms) bound by confidentiality and data‑processing agreements;

• - To insurers or referring healthcare providers at your direction;

• - As required by law, court order, or to protect health and safety;

• - In connection with a business transfer, merger, or acquisition (with notice to you where required).

6. Data retention

Clinical records are retained for the minimum period mandated by federal and state law (at least 6 years under HIPAA; up to 10 years under certain state regulations). Marketing and analytics data are kept until the earlier of (i) the data no longer serves the purpose collected, or (ii) you exercise your deletion or opt‑out rights.

7. Your privacy rights

**Virginia Residents (VCDPA):** You have the right to:

• - Confirm whether we process your personal data and access it;

• - Correct inaccuracies;

• - Delete personal data provided by or obtained about you;

• - Obtain a copy of your data in portable format;

• - Opt out of (i) the processing of personal data for targeted advertising, (ii) the sale of personal data, or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects.

We will respond within 45 days of receiving a verified request (extensions permitted by law).

**District of Columbia Residents:** You are entitled to receive notice of data breaches affecting your personal information (D.C. Code § 28‑3851 et seq.) and may have additional rights under local consumer‑protection laws. Contact us to exercise applicable rights.

To submit a rights request, email **apatrondds@gmail.com ** or call **703 465 5080**. We may verify your identity before acting on your request.

8. Security safeguards

We maintain administrative, technical, and physical safeguards: SSL/TLS encryption, HIPAA‑compliant hosting, access controls, and regular staff training to protect personal data from unauthorised access or disclosure.

9. Children’s privacy

We do not knowingly collect personal data from children under 13 online. Parents or guardians may contact us to review or delete a child’s information.

10. Changes to this policy

We may update this Privacy Policy to reflect changes in our practices or in the law. When we do, we will revise the “Last updated” date and post the new policy on our website.

11. Contact us

If you have questions about this Privacy Policy or your personal data, contact:

- Email: apatrondds@gmail.com

- Phone: +1 (703) 465 5080

- Address: 1600 Wilson Boulevard Suite 960 Arlington, VA 22209.