Privacy Policy

Effective Date: November, 2025
Last Updated: November, 2025

This Privacy Policy explains how Roy Kim, MD (“we,” “us,” or “our”) collects, uses, and discloses information from visitors to our public website at https://drkim.com (the “Site”).

This Privacy Policy applies only to information collected through this Site. It does not apply to information collected in our office or through our separate electronic medical record system.

This Privacy Policy should be read together with the following documents, which address specific topics in more detail:

• Our Terms of Use, which govern use of the Site.
• Our HIPAA Notice of Privacy Practices, which applies to Protected Health Information (“PHI”) in our medical practice.
• Our California Privacy Rights notice, which describes additional rights for California residents.
• Our Accessibility statement, which describes our commitment to accessible digital content.

If there is any conflict between this Privacy Policy and those documents, the:

• HIPAA Notice of Privacy Practices controls for PHI.
• California Privacy Rights page controls for California-specific rights relating to personal information collected on the Site.
• Terms of Use control for your use of the Site.

PHI / HIPAA Exclusion

We maintain medical records and other Protected Health Information (“PHI”) in a separate, secure electronic medical record (EMR) system that is not integrated with this Site. PHI is governed by HIPAA and our HIPAA Notice of Privacy Practices, not this Privacy Policy.

This Site is not intended to receive, store, or display PHI. Please do not submit medical history, diagnoses, treatment details, or clinical photographs that could qualify as PHI through general Site forms or standard email. If you need to share PHI, use the secure methods or patient portal links we provide.

Information We Collect Through This Site

We may collect information about you when you use the Site, including the categories below.

Information You Provide

You may choose to provide information when you:

• Submit a general inquiry or contact form.
• Request an appointment or consultation.
• Sign up for a mailing list or newsletter.
• Respond to a survey or promotion.
• Otherwise communicate with us using Site forms or listed contact information.

The information you provide may include:

• Identifiers – such as your name, email address, telephone number, and mailing address.
• Communication details – such as the contents of messages or questions you submit.
• Any other information you decide to provide in free-text fields.

We ask that you limit submissions through general Site forms to non-sensitive, non-medical information.

Information Collected Automatically

When you visit or use the Site, certain information may be collected automatically from your browser or device, such as:

• IP address.
• Browser type and version.
• Device type and operating system.
• Referring and exit pages, and pages viewed on our Site.
• Date and time of your visit.
• General location information inferred from your IP address.

This information helps us operate, maintain, and improve the Site, and to maintain its security. We do not use this data to identify you personally except where reasonably necessary for security, fraud prevention, or legal compliance.

Cookies and Similar Technologies

We may use cookies and similar technologies (“cookies”) to operate and improve the Site. These may include:

• Strictly necessary cookies, to support core Site functionality.
• Functional or performance cookies, to understand basic usage patterns (for example, pages visited and typical navigation paths).

As of the Effective Date, we do not use cookies to “sell” personal information or to “share” personal information for cross-context behavioral advertising as those terms are defined under California law. If that changes, we will update this Privacy Policy and, where required, our California privacy notice and user options.

Most browsers allow you to block or delete cookies. If you disable cookies, some parts of the Site may not function as intended.

How We Use Information

We may use information collected through the Site for the following purposes:

• To respond to you – including answering questions, responding to messages, and providing information you request.
• To schedule and manage consultations or appointments that you request through the Site.
• To operate and maintain the Site – including troubleshooting, analytics, and performance monitoring.
• To maintain security and prevent fraud – including protecting the Site, our practice, and other users.
• To comply with law – including responding to legal requests and enforcing our Terms of Use.
• For internal business purposes – such as auditing, quality improvement, and administrative recordkeeping related to website operations.

We do not use personal information collected through this Site to make automated decisions that legally or significantly affect you.

How We Disclose Information

We do not sell personal information and do not share personal information for cross-context behavioral advertising.

We may disclose information to third parties in the following limited situations:

Service Providers
We may disclose information to third-party service providers who perform services on our behalf related to the Site, such as website hosting, security monitoring, email delivery, or basic analytics. These service providers are permitted to use information only to perform services for us and are required to protect it appropriately.

Legal and Safety
We may disclose information if we believe it is required or appropriate to:

• Comply with applicable laws, regulations, or legal processes.
• Respond to lawful requests from public authorities, including for national security or law enforcement requirements.
• Protect the rights, property, or safety of our practice, our patients, visitors, or the public.

Business Transfers
If we are involved in a merger, acquisition, asset sale, or similar transaction, Site-related information may be transferred as part of that transaction, subject to legal requirements.

With Your Direction or Consent
We may disclose information when you direct us to do so or when you otherwise consent.

Your Choices and Rights

General Choices

If you wish to update, correct, or request deletion of personal information you have provided through the Site (for example, your contact details), you may contact us using the information in the Contact Us section below.

We may retain certain information as required by law, to complete transactions you have requested, or for legitimate business purposes such as security and recordkeeping.

California Residents

If you are a California resident, you may have additional rights regarding personal information collected on this Site, including rights to know, access, delete, correct, and (where applicable) opt out. Those rights, along with instructions on how to exercise them, are described in detail on our California Privacy Rights page, which supplements this Privacy Policy.

PHI / Medical Privacy Rights

Rights relating to your medical records and PHI—such as rights to access, amend, and receive an accounting of certain disclosures—are described in our HIPAA Notice of Privacy Practices and are governed by HIPAA and applicable state law, not this Privacy Policy.

“DO NOT TRACK” and Global Privacy Control

Some browsers offer “Do Not Track” (“DNT”) settings. Because there is currently no widely accepted standard for how websites should respond to DNT signals, the Site does not respond to DNT signals at this time.

Where feasible, we treat valid Global Privacy Control (GPC) signals as a request to opt out of the “sale” or “sharing” of personal information. As noted above, we do not sell or share personal information for cross-context behavioral advertising, so a GPC signal generally does not result in a change to your Site experience.

Data Security

We use reasonable administrative, technical, and physical safeguards designed to protect information collected through the Site from unauthorized access, use, or disclosure.

However, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee absolute security of information transmitted to or from the Site.

Data Retention

We retain information collected through the Site for as long as reasonably necessary to:

• Fulfill the purposes described in this Privacy Policy.
• Comply with applicable legal and regulatory requirements.
• Resolve disputes and enforce our agreements, including our Terms of Use.

Retention periods may vary depending on the type of information and the context in which it was collected.

Children’s Privacy

The Site is intended for adults and is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13 via this Site.

If you believe that a child under 13 has provided personal information to us through the Site, please contact us using the details below so that we can take appropriate steps.

If you are under 18, you should use the Site only with the knowledge and consent of a parent or legal guardian.

International Visitors

Our practice is located in the United States, and this Site is intended primarily for individuals located in the United States. If you access the Site from outside the United States, you understand that your information may be transferred to, stored in, and processed in the United States, where privacy laws may differ from those in your country of residence.

Third Party Websites or Services

The Site may link to third-party websites or services, or incorporate third-party tools. We do not control and are not responsible for the content, security, or privacy practices of such third parties. Your use of third-party websites and services is governed by their respective terms and privacy policies.

We encourage you to review the privacy policies of any third-party sites you visit.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will post the updated version on this page and revise the “Last Updated” date at the top.

Your continued use of the Site after we post an updated Privacy Policy indicates your acceptance of the revised Policy, subject to applicable law.

Contact Us

If you have questions about this Privacy Policy or our privacy practices relating to the Site, you may contact us at:

Roy Kim, MD – Plastic Surgery

Email: info@drkim.com

For questions about:

• Medical privacy / PHI – please refer to our HIPAA Notice of Privacy Practices.
• California privacy rights – please refer to our California Privacy Rights page.
• Accessibility – please refer to our Accessibility statement.
• Use of the Site – please refer to our Terms of Use.