1. Introduction

Total Vision (“we,” “us,” or “our”) is committed to protecting the privacy and security of the personal information of our patients, website visitors, and users of our services. This Website Privacy Policy describes how we collect, use, disclose, and safeguard your personal information when you visit yourtotalvision.com (the “Website”).

We operate a network of affiliated optometry practices throughout California. As healthcare providers, our affiliated practices are subject to the Health Insurance Portability and Accountability Act (HIPAA). This Website Privacy Policy addresses your rights under California law with respect to personal information collected through our Website. For information about how we handle your protected health information (PHI) in connection with your healthcare, please refer to our HIPAA Notice of Privacy Practices, available at each practice location and upon request from our Privacy Officer, Christopher Crump, at 27271 Las Ramblas, Suite 210, Mission Viejo, CA 92691.

2. Information We Collect

2.1 Personal Information You Provide

We may collect the following categories of personal information when you interact with us through the Website:

  • Identifiers: Name, email address, postal address, phone number, date of birth
  • Commercial information: Records of products or services considered, such as appointment requests or consultation inquiries
  • Internet or electronic network activity: Browsing history, search history, and information regarding your interaction with our Website
  • Geolocation data: General location information derived from your IP address
  • Professional or employment-related information: Insurance and employer information provided in connection with appointment scheduling

2.2 Sensitive Personal Information

In the course of providing services and processing related transactions, we may also collect sensitive personal information, including:

  • Government-issued identification numbers (e.g., driver’s license, state ID)
  • Health and medical information (when submitted through Website forms)
  • Financial account information (when processing payments)

2.3 Information Collected Automatically

When you visit our Website, we may automatically collect device information (browser type, operating system, device type), IP address and general geolocation, pages visited and time spent on pages, referring URLs, and information from cookies and similar tracking technologies (see Section 7).

3. How We Use Your Information

We use the personal information we collect for the following business and commercial purposes:

  • To provide, maintain, and improve our eye care services and Website
  • To schedule appointments and manage patient inquiries across our practice network
  • To process payments and insurance-related transactions
  • To communicate with you about your care, appointments, and our services
  • To send marketing communications (with your consent or as permitted by law)
  • To respond to your inquiries and requests
  • To comply with legal obligations, including HIPAA requirements
  • To detect, prevent, and address fraud, security issues, or technical problems
  • To analyze Website usage and improve user experience

4. How We Share Your Information

We may share your personal information with the following categories of third parties:

  • Service providers: Companies that perform services on our behalf, such as Website hosting, analytics, advertising services, payment processing, and IT support
  • Affiliated practices: Other Total Vision affiliated practice locations as necessary to provide services you have requested
  • Healthcare-related entities: Other healthcare providers, insurance companies, and labs as necessary for treatment, payment, or healthcare operations (governed by HIPAA)
  • Legal and regulatory authorities: When required by law, regulation, or legal process
  • Business transfers: In connection with a merger, acquisition, or sale of all or a portion of our assets

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.

5. Your California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:

  • Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected, the sources, the purposes, and the categories of third parties with whom we share it.
  • Right to Delete: You may request deletion of personal information we have collected from you, subject to certain exceptions.
  • Right to Correct: You may request correction of inaccurate personal information.
  • Right to Opt-Out of Sale or Sharing: You have the right to direct us not to sell or share your personal information. We do not sell or share your personal information.
  • Right to Limit Use of Sensitive Personal Information: You may direct us to limit the use of your sensitive personal information to what is necessary to perform the services you have requested.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.

To exercise any of these rights, you may:

  • Visit our “Do Not Sell My Personal Information” page at yourtotalvision.com/do-not-sell-my-personal-information/
  • Submit a Personal Data Request at yourtotalvision.com/personal-data-request/
  • Request Personal Data Deletion at yourtotalvision.com/request-personal-data-deletion/
  • Contact us using the methods in Section 13 below

We will respond to verifiable consumer requests within 45 days. You may designate an authorized agent to make a request on your behalf.

6. HIPAA and Protected Health Information

As healthcare providers, Total Vision affiliated practices are subject to HIPAA. Your PHI includes information related to your health condition, the provision of healthcare, and payment for healthcare services. Our HIPAA Notice of Privacy Practices details your rights regarding your medical records and is available at each practice location and from our Privacy Officer. Where both HIPAA and the CCPA apply, HIPAA generally governs your medical information. Personal information that is not PHI (such as website browsing data) is governed by the CCPA provisions of this policy.

7. Cookies and Tracking Technologies

Our Website uses cookies and similar tracking technologies to improve your experience and analyze site usage:

  • Essential cookies: Required for the Website to function properly, such as session management and security.
  • Analytics cookies: Help us understand how visitors interact with our Website, including how pages are accessed and how long visitors stay.
  • Advertising and performance cookies: Third-party cookies may be placed by advertising networks to deliver relevant content and measure campaign effectiveness. These cookies may collect information about your browsing activity across websites.
  • Functionality cookies: Remember your preferences to provide a more personalized experience.

You can control cookies through your browser settings. Most browsers allow you to refuse cookies or alert you when a cookie is being placed. Disabling cookies may affect the functionality of certain parts of our Website.

8. “Do Not Track” Signals

Our Website currently does not respond to “Do Not Track” (DNT) browser signals. You can manage your tracking preferences through your browser’s cookie settings and through the opt-out mechanisms described above.

9. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required or permitted by law:

  • Patient health records: Retained in accordance with California law (minimum 10 years from the date of last treatment for adults; until age 19 or 10 years from last treatment, whichever is longer, for minors)
  • Website analytics data: Generally retained for up to 26 months
  • Marketing and communications data: Retained until you unsubscribe or request deletion
  • Payment records: Retained as required by tax and financial regulations (typically 7 years)

10. Data Security

We implement reasonable administrative, technical, and physical security measures designed to protect your personal information from unauthorized access, disclosure, alteration, and destruction. These measures include encrypted data transmission (SSL/TLS), secure data storage, access controls, and regular security assessments. No method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security.

11. Children’s Privacy

Our Website is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13 through our Website. If we learn that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information promptly. Under the CCPA, we do not sell or share the personal information of consumers under the age of 16.

12. Links to Other Websites

Our Website may contain links to third-party websites that are not operated by us. We have no control over and are not responsible for the privacy practices of these other sites. We encourage you to review the privacy policy of every site you visit.

13. Contact Us

If you have questions about this Website Privacy Policy, wish to exercise your California privacy rights, or need to request a copy of our HIPAA Notice of Privacy Practices, you may contact us:

  • Email: info@totalvisionllc.com
  • Phone: (949) 652-7230
  • Mail: Total Vision, Attn: Privacy Officer, 27271 Las Ramblas, Suite 210, Mission Viejo, CA 92691
  • Online: yourtotalvision.com/contact-us

14. Changes to This Privacy Policy

We may update this Website Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will post the updated policy on this page and update the “Effective Date” at the top.