Privacy Policy.

This Privacy Policy governs information collected through this website (drboxrud.com). It does not govern protected health information ("PHI") created or received in the course of providing healthcare, which is described in our HIPAA Notice of Privacy Practices and protected by the federal HIPAA Privacy Rule and the California Confidentiality of Medical Information Act ("CMIA," Cal. Civ. Code § 56 et seq.).

Information you provide directly

• Consultation requests. Name, email address, phone number, area of interest, and any optional notes you submit through the consultation form.
• Email and phone inquiries. Any information you choose to share when contacting the office.

Information collected automatically

• Browser type and version, operating system, device type, and screen dimensions.
• Pages viewed on this site and referring URL.
• IP address (truncated for analytics where supported).
• Approximate geographic location derived from IP address (city or region level).
• Date and time of visit, and session duration.

We use the information described above for the following purposes:

• To respond to consultation requests and inquiries.
• To schedule, confirm, and remind you of appointments if you become a patient.
• To provide medical care and related healthcare services, which is governed separately by our Notice of Privacy Practices.
• To maintain business and patient records consistent with state and federal law.
• To analyze website usage and improve the site's content and functionality.
• To detect, prevent, and respond to fraud, abuse, security, or technical issues.
• To comply with legal obligations and respond to lawful requests.

We do not sell your personal information. We do not use your information for third-party advertising or cross-context behavioral advertising.

We share personal information only as needed to operate the practice and the website, or when required by law.

• Service providers ("processors"). We use a small number of vendors to host this website, process form submissions, and provide analytics. These vendors are contractually limited to using the information solely for the services they provide to us.
• Healthcare operations. If you become a patient, your PHI may be shared with other healthcare providers, laboratories, or insurance carriers as described in our Notice of Privacy Practices.
• Legal compliance. We may disclose information if required by law, subpoena, court order, or to protect the rights, safety, or property of the practice or others.
• Business transfers. In the unlikely event of a sale, merger, or transfer of practice assets, information may be transferred to the acquirer, subject to the same protections described here.

This site uses a minimal set of cookies and analytics tools to understand how visitors interact with the content.

• Strictly necessary cookies. Required for the site to function (e.g., remembering form state).
• Analytics cookies. Used to count visits and traffic sources so we can measure and improve the performance of our site.

We do not place advertising cookies or third-party cross-site tracking cookies. You can block or delete cookies through your browser settings. Blocking cookies may affect site features, including the consultation form.

Some browsers transmit "Do Not Track" ("DNT") signals. There is currently no industry consensus on how to interpret DNT signals. This site does not respond differently based on DNT signals, but as noted above, we do not engage in cross-site tracking or behavioral advertising.

This site may include links to third-party websites (for example, social media profiles, the American Board of Ophthalmology, or peer-reviewed publications). We are not responsible for the privacy practices of those sites. Please review their policies separately.

Embedded content from third parties (such as a map, video, or scheduling widget) may collect information about you, including cookies, and may track your interaction with that content. This collection is governed by the third party's privacy policy, not this one.

You may have the following rights regarding personal information we hold about you, subject to applicable law:

• Access. Request a copy of personal information we hold about you.
• Correction. Request correction of inaccurate or incomplete information.
• Deletion. Request deletion of personal information, subject to legal retention requirements. Medical records have separate retention obligations under California law and federal HIPAA.
• Restrict or object to processing. Request that we limit the use or disclosure of your information.
• Portability. Request your information in a portable format.
• Withdraw consent. Where processing is based on consent, withdraw that consent at any time.
• No retaliation. We will not deny you services, charge different prices, or provide a different level of quality for exercising these rights.

If you are a California resident, you have additional rights under the California Consumer Privacy Act of 2018 ("CCPA") as amended by the California Privacy Rights Act of 2020 ("CPRA"). In the prior 12 months, we have collected the categories of personal information identified in Section 02 (Identifiers, internet activity, geolocation, and inferences). We collect this information for the purposes identified in Section 03 and share it only as described in Section 04.

• Right to know what personal information we collect and how it is used.
• Right to delete personal information, subject to legal exceptions including medical-records retention.
• Right to correct inaccurate personal information.
• Right to opt out of "sale" or "sharing" of personal information. We do not sell or share personal information for cross-context behavioral advertising.
• Right to limit use of sensitive personal information.
• Right to non-discrimination for exercising these rights.

To exercise any of these rights, please contact us using the information in Section 14. We may need to verify your identity before responding.

This site is also subject to the California Online Privacy Protection Act ("CalOPPA," Cal. Bus. & Prof. Code § 22575 et seq.). This Privacy Policy is the operator's privacy policy for purposes of CalOPPA.

We retain personal information only for as long as necessary for the purposes set out in this policy or as required by law.

• Website inquiries. Retained for up to 24 months unless they become part of a patient record.
• Patient records. Retained for the period required by California law (generally at least seven years for adults and longer for minors), federal HIPAA, and applicable insurance and licensure requirements.
• Analytics data. Retained in aggregate, non-identifying form.

We use reasonable administrative, technical, and physical safeguards to protect personal information transmitted through this site, including Transport Layer Security ("TLS") encryption for form submissions. No method of transmission over the internet is fully secure, and we cannot guarantee absolute security.

This website is not directed to children under 13 and we do not knowingly collect personal information from children under 13. If you believe a child has provided information through this site, please contact us and we will delete it. This complies with the Children's Online Privacy Protection Act of 1998 ("COPPA").

We may update this Privacy Policy from time to time. The "Effective date" at the top of this page reflects the latest version. Material changes will be highlighted at the top of the page for at least 30 days.

If you have questions about this Privacy Policy or our information practices, or to exercise any of the rights described above, please contact us:

Cynthia Boxrud, MD — Privacy Officer
2021 Santa Monica Blvd, Suite 408E
Santa Monica, CA 90404
(310) 829-9060