This privacy policy outlines how ‘Personally Identifiable Information’ (PII) and Protected Health Information (PHI) are collected, used, protected, and handled across our website and digital platforms.

Information We Collect: When ordering, submitting an inquiry, or registering on our site, you may be asked to enter your name, email address, phone number, loyalty profile details, or other operational details to help you with your experience. To protect your privacy, refrain from submitting private health information (PHI) through the contact form, quizzes, website submissions, or email enrollment. PHI should only be submitted through our secure Patient Intake form.

When and How We Use Your Information: We collect information from you when you subscribe to a newsletter, fill out an intake or contact form, participate in our Loyalty Program, or enter details on our site. We may use this information to process transactions, manage your loyalty profile, or send periodic transactional or operational emails regarding your treatments, orders, or services.

Data Protection and Security: Your personal data is contained behind secured networks and is only accessible by a limited number of authorized individuals bound by strict confidentiality requirements. Sensitive financial credit information is encrypted via Secure Socket Layer (SSL) technology and processed through secure, PCI-compliant gateway providers. We do not store complete credit card numbers on our servers. We run regular malware scanning and follow strict data minimization principles to ensure cybersecurity best practices.

In the event of an unauthorized data breach, Nadir Qazi will notify affected individuals and relevant authorities without unreasonable delay in accordance with federal healthcare breach notification requirements and New York General Business Law § 899-aa and § 899-bb.

NY SHIELD Act Disclosure: Nadir Qazi maintains reasonable administrative, technical, and physical safeguards to protect personal information and will notify affected individuals of any unauthorized access in accordance with New York General Business Law § 899-aa and § 899-bb.

Third-Party Disclosure: We do not sell, rent, trade, or lease your Personally Identifiable Information (PII) or Protected Health Information (PHI) to outside parties for independent commercial marketing purposes. This excludes trusted software hosts, secure transaction processors, financing entities (such as Cherry financing), and operational partners who directly assist us in administering your care or managing our platforms—provided those entities are bound by strict data protection and HIPAA-compliant business associate agreements.

Third-Party Links: This Site may contain integrated links to independent third-party utilities. We do not control the independent content or privacy practices of these outside sites and accept no liability for their operations.

COPPA (Children Online Privacy Protection Act): We do not specifically market to, nor do we knowingly collect data from, children under the age of 13 years old. If we learn that cookie or form data has been inadvertently collected from a child under 13, it will be deleted promptly.

HIPAA Notice of Privacy Practices: As a medical practice complying with HIPAA regulations, we protect your medical records: - We may use and disclose your Protected Health Information (PHI) for treatment, payment, internal administrative healthcare operations, or authorized business transitions (such as a sale or merger). - You have the right to access and obtain a copy of your health record (Designated Record Set), request a chart amendment, request restrictions on certain uses, and request confidential communications. - You have the right to file a formal privacy complaint with Nadir Qazi or the U.S. Department of Health & Human Services if you believe your medical privacy rights have been violated.

Telehealth Exclusion: PHI from telehealth services conducted through Qazi Cosmetic Center’s California facility is governed by Qazi Cosmetic Center’s separate Notice of Privacy Practices and Privacy Policy, not this Policy.

CAN-SPAM Act We collect your email address to respond to inquiries, process transactions, and communicate operational updates or educational/promotional materials if you have opted in. In accordance with CAN-SPAM, we agree to not use false or misleading email subjects/addresses, identify promotional messages as advertisements in a reasonable way, display our physical business address, and honor opt-out and unsubscribe requests quickly via the link at the bottom of each email.

Data Retention: We retain personal information only as long as reasonably necessary for functional business operations, business tax requirements, and healthcare medical record keeping regulations. Clinical charts and PHI are retained for a minimum of six (6) years from the date of last service, or longer if required by New York or federal medical recordkeeping regulations.

Artificial Intelligence (AI) Operational Disclosures: Nadir Qazi may utilize secure, automated artificial intelligence (AI) tools, machine learning plugins, or conversational chat interfaces to enhance Site functionality and assist with general administrative customer inquiries. These customer-facing utilities do not harvest or transmit identifiable Protected Health Information (PHI). Any data submitted to or generated by an online AI utility is processed on an “as-is” basis, carries no clinical liability, and should be verified independently by the user.

Use of Cookies Policy: We utilize a limited set of first-party cookies stored and managed on our secure servers to power core site operations, support basic functional preferences, and monitor internal technical diagnostics (such as page load speeds and error logs). Our operational cookies do not collect, store, or transmit any Protected Health Information (PHI). You may block or delete cookies through your native browser settings at any time; however, blocking essential operational cookies may restrict access to secure portal checkout and scheduling tools. We honor Global Privacy Control (GPC) signals.

Dispute Resolution: All messaging and communications are fully governed by the binding arbitration, class action waiver, fee-shifting, and New York governing law provisions set forth within the master Nadir Qazi Terms of Service, which are fully incorporated by reference into this Privacy Policy.

Loyalty Program: Nadir Qazi’s Loyalty Program is a financial discount program administered solely by Nadir Qazi. Loyalty credits represent a discount on future eligible services and do not involve the sharing of Protected Health Information (PHI) between businesses. No PHI is disclosed to Qazi Cosmetic Center or any other third party in connection with the earning or redemption of loyalty credits, unless such disclosure is separately authorized by you in writing or required for treatment, payment, or healthcare operations under HIPAA.

Medical Disclaimer Reminder The information provided on nadirqazi.com is for general educational and discussion purposes only. It does not constitute formal medical advice, clinical diagnosis, or a surgical promise of treatment outcomes. Interacting with website forms or automated chat features does not establish a formal doctor–patient relationship.

Patient Media & PHI - Clinical Media & PHI: Photographs and treatment media used for clinical evaluation, diagnosis, or care planning are protected as Protected Health Information (PHI) and maintained as part of your legal “Designated Record Set” (DRS).

Office Monitoring and Call Recording For patient safety, clinical quality assurance, security, and operational training purposes, Nadir Qazi records all telephone calls to and from our designated business lines and maintains video monitoring in common areas of our facility, including reception, waiting areas, and hallways. Recording devices are not placed in treatment rooms, restrooms, or private changing areas. By calling Nadir Qazi or entering any facility they are operating in, you consent to these recordings. Call recordings and video footage are stored securely, are not sold or shared with third parties for marketing purposes, and are retained in accordance with applicable law and Nadir Qazi’s internal retention policies. If you have questions about our recording practices, contact contact@nadirqazi.com.

Website Forms Information you submit through contact forms, quizzes, promotional sign-ups, or other non-clinical inquiries on our Site is collected and processed under this Privacy Policy. We may use your contact information to respond to your inquiry, send educational materials, coordinate your care, and, if you have opted in, deliver marketing communications about our services.

Contacting Us: If there are any questions regarding this privacy policy, cookie processing, or your consumer data rights, you may contact our clinical facility using the parameters below:

Nadir Qazi

20271 SW Birch Street, STE 100 Newport Beach, CA 92660 United States -

Website: nadirqazi.com

Email: contact@nadirqazi.com

Phone: 949-336-7293