RR yelp tiny lossy.jpg

Website Privacy Policy

RiverRock Medical Clinic, PA

Introduction
The purpose of this document is to outline how RiverRock Medical Clinic complies with its confidentiality and privacy obligations. RiverRock Medical Clinic will make this Privacy Policy available to anyone who asks for it. It is available online at https://riverrockmedical.com/privacy-policy.

This is a separate document from our Office Privacy Policy, which applies to our patients, not users of our site. Per our Website Terms of Use, continued use of our website constitutes agreement and acceptance of this website privacy policy.

On the RiverRock Website(s), including but not limited to riverrockmedical.com and drhakeem.com, we collect the information needed to process transactions and manage online accounts (Name, Billing information, Shipping Information, email).  We keep to a minimum the amount of data we collect. We do not share that data with anyone, in any format.

Our contact forms and wait list forms are actually google form embeds, from our RiverRock G-Suite account. That data is encrypted both in transit and at rest, and we have signed a confidentiality agreement with Google that meets HIPAA requirements for security in transmitting and storing personal health information. Again, we collect an e-mail address, so that we can reply, and the rest of the information is only what the user sends us, and that information is securely stored on our HIPAA-secured account. It is never shared unless the user specifically requests for it to be shared with another person or entity.

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue. Visitor comments may be checked through an automated spam detection service.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

If you upload images or other media to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select "Remember Me", your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Articles and pages on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

In particular, we use Google Analytics to collect anonymized browsing data, so that we can monitor the site usage and improve the site experience. Google’s Analytics privacy policy can be found at google.com/policies/privacy/partners. You can opt-out of Google’s Analytics tracking by visiting and installing their opt-out addon at https://tools.google.com/dlpage/gaoptout.

More information can be found at https://support.google.com/analytics/answer/6004245.


Plugins

A few of our plugins also use Cookies and Collect information. We may add plugins to improve the site, and we will update this policy to reflect the policies of those plugins. Users cannot opt-out of plugin use individually, as each plugin is a part of the RiverRock site. Their individual Privacy Policies follow, except where those policies overlap; repetitive sections between different plugins are deleted for brevity:

Woocommerce

This plugin uses cookies to keep track of cart contents while users are browsing our site.

We are also required to keep the information related to charges (Name, email, billing and shipping information) for tax purposes for at least 7 years. That information (the charge amount and name) resides on our servers, protected by our security measures as detailed below.

WP Ultimate Recipe

When user ratings are enabled we store a WPURP_User_Voted_%recipe% cookie (with %recipe% the ID of the recipe) that contains the rating this user has given to a particular recipe. This cookie is used as (one of the) measures to prevent rating spam.

When the User Menus feature is enabled we store WPURP_Shopping_List_Recipes_v2, WPURP_Shopping_List_Servings_v2 and WPURP_Shopping_List_Order_v2 cookies to be able to show the same shopping list to a guest on later visit. This does not contain any personal data.

When the Meal Planner feature is enabled we store WPURP_Meal_Plan_ID and WPURP_Meal_Plan_ID_%id% cookies to be able to show the same meal plan to a guest on later visit. This does not contain any personal data.

When user ratings are enabled we store the IP address upon voting. This is used as (one of the) measures to prevent rating spam.

When enabling the share buttons or any of our partner integrations you will be including their code on your website. By doing so you're agreeing to their Terms of Use and Privacy Policy. For the share buttons this can be Twitter, Facebook, Google+, Pinterest, StumbleUpon and LinkedIn. For partners integrations we have MediaVine, AdThrive, BigOven, Food Fanatic, Yummly and Chicory. All can disabled on the settings page.

Fonts in the recipe templates will be loaded from the Google Web Font API (fonts.googleapis.com) unless changed in the Template Editor. You will be agreeing to their Terms of Use and Privacy Policy.


Credit Card Charge Information

We never store your credit card information on our site. For all transactions, an encrypted (hashed) token of your credit card information is created, and that token is sent to your bank, along with the charge request. Your bank then sends back approval or denial of that charge. At no time is your actual credit card number stored on our site.

Security Measures and Certification

Our site is PCI/DDS certified and secure, and meets all the requirements for charging credit cards.

Our site is entirely run over SSL/TLS, and cannot be accessed using non-secure protocols. This is another layer of security that prevents anyone (such as a coffee-shop hacker) from snooping on your use of our site.

Login and Admin Account Protection

We also block all standard methods of login, except through google. This allows us to offer features such as 2-factor authentication(2FA), with google authenticator app, or U2F-FIDO security keys. Our users can opt-in anytime. All of our administrator accounts are required by our organization to use 2FA with U2F, the most secure known method of securing an account. Furthermore, all administrator passwords are required to be more than 20 characters in length, to prevent brute force attacks.

Accessing your information, complaints and obtaining further information, or requesting corrections or deletion of your information
If any patient has questions, concerns or complaints, they may contact us at any time, by phone, mail, or fax:
(512) 213 - 0700
711 W. 38th St., Suite D1, Rm 105
Austin, TX 78705
Fax: (512) 501 – 1060
E-mail: privacy@riverrockmedical.com