Last Updated- Friday, July 15, 2025

1. Introduction & About Us

Welcome to Refresh and thank you for accessing our website at refreshpbma.com (hereinafter, the “Site”). This Site is owned and operated by Refresh Palm Beach Medical Aesthetics LLC, Refresh Port St Lucie Medical Aesthetics LLC, and Refresh Vero Beach Medical Aesthetics LLC (collectively, hereinafter referred to as “Refresh”, “we”, “our”, or “us”). Refresh is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your Personal Information when you use our website, www.refreshpbma.com.

We take data protection very seriously and abide by the data privacy regulations including the US California Consumer Privacy Act (CCPA), Children’s Online Privacy Protection Act (COPPA), and EU General Data Protection Regulation (GDPR) and other relevant privacy laws that govern within our jurisdiction.

BY USING THE WEBSITE AND/OR BY CONTACTING US AND PROVIDING ANY PERSONAL INFORMATION, YOU CONSENT TO THE COLLECTION AND USE OF INFORMATION BY US IN ACCORDANCE WITH THIS PRIVACY POLICY, AS WELL AS TERMS AND CONDITIONS. IF WE DECIDE TO CHANGE OUR PRIVACY POLICY, WE WILL POST THOSE CHANGES ON THIS PAGE AND, AT THE TOP OF THIS PRIVACY POLICY, BY INDICATING THE DATE THAT CHANGES WERE LAST MADE.

2. Collection of your Personal Information

We shall request for and retain the following Personal Information. Kindly note that the we require your Personal Information specified below to be able to provide you our Services to the best of our ability.

Personal Information that you may provide us to receive our Service shall include the following;

• Data that may personally identify you, including your photos (before & after), name (first & last), postal address, billing address, shipping address, e-mail address, home, work and mobile telephone numbers, age, date of birth, social security number, insurance policy number, physical characteristics that may personally identify you, sexual orientation, IP address, bank account number, credit or debit card number (for payment purposes only), national origin, ancestry, veteran or military status, medical conditions, race, citizenship, information about any physical or mental disabilities you may have, information regarding your gender at birth and how you currently express your gender identity, information related to your sex life, such as pregnancy, child birth and related medical conditions, (collectively, “Personal Data”);
• Information that you provide us while filling out Treatment specific documentation such as consent forms, treatment plans, notes, appointment history with time-stamps, progress notes and follow-up recommendation. Some forms collect sensitive information, such as health information, necessary for us to provide our services to you;
• Records & copies of your correspondence (including email addresses), if you contact us; and
• Your responses to surveys that we might ask you to complete for research, development, and marketing purposes.

Information we collect automatically: We collect information about you automatically as you navigate through or use our Site. Information collected automatically may include usage details, IP addresses, session replay and recording technology (recording your movements, clicks, etc. on our Site), and information collected through cookies, web beacons, pixels tags, and other

tracking technologies. As you navigate through and interact with our Site, we may use automatic data collection technologies (such as session replay and tracking technologies referred to above) to collect certain information about your equipment, browsing actions, and patterns, specifically:

• Usage Details. Details of your visits to our Site, such as traffic data, location, logs, referring/exit pages, date and time of your visit to or use of our Site, error information, clickstream data, and other communication data and the resources that you access and use on or in the Site.
• Device Information. Information about your computer, mobile device, and Internet connection, specifically your IP address, operating system, and browser type.
• Location Information about your location collected through Geolocation technology. You may disable this functionality on your mobile or web device’s browser by removing permission to use location services at any time.

Collection of the above-mentioned information helps us to improve our Site and to deliver better and more personalized service by enabling us to;

• Estimate our audience size and usage patterns;
• Improve our product and services offering;
• Store information about your preferences, allowing us to customize our Site according to your individual interests; and
• Recognize and/or authenticate you when you return to our

3. Use of Cookies and other technologies

Cookie Use. We may use cookies, web beacons, and other technologies to receive and store certain types of information whenever you interact with our Site through your computer or mobile device. A cookie is a small file or piece of data sent from a website and stored on the hard drive of your computer or mobile device. On your computer, you may refuse to accept browser cookies by activating the appropriate setting on your browser, and you may have similar capabilities on your mobile device in the preferences for your operating system or browser. However, if you select this setting you may be unable to access or use certain parts of our Site. Unless you have adjusted your browser or operating system setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Site. For more information on cookies, please visit allaboutcookies.org.

4. How do we use the information we collect?

We use your personal information for the following purposes and as otherwise described in this Privacy Policy or at the time of collection-

Service delivery. We may use your personal information to:

1. Provide, operate and improve the Service by identifying bugs and releasing updates;
2. Communicate with you about the Service, including by sending you announcements, updates, alerts, and support and administrative messages;
3. Training our staff and for resolution of user disputes;
4. Provide user support and maintenance for the Service; and
5. Enable security features of the Sites, such as by sending you security codes via email or SMS, and remembering devices from which you have previously logged in.

 

Direct Marketing. We may use your personal information to send you Refresh related marketing communications as permitted by law. You will have the ability to opt-out of our marketing and promotional communications by emailing us at one of the following email-addresses;

For Palm Beach: support@refreshpbma.com

For Port St. Lucie: supportpsl@refreshpbma.com

For Vero: supportvero@refreshpbma.com

For research and development. We may use your personal information for research and development purposes, including to analyze and improve the Service and our business.

To create anonymous data. We may create aggregated, de-identified or other anonymous data records from your personal information and other individuals whose personal information we collect. We make personal information into anonymous data by excluding information (such as your name) that makes the data personally identifiable to you. We may use this anonymous data and share it with third parties for our lawful business purposes, including to analyze and improve the Service and promote our business.

To comply with laws and regulations. We use your personal information as we believe necessary or appropriate to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities.

For compliance, fraud prevention and safety. We may use your personal information and disclose it to law enforcement, government authorities, and private parties as we believe necessary or appropriate to: (a) protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims); (b) audit our internal processes for compliance with legal and contractual requirements; (c) enforce the terms and conditions that govern the Service; and (d) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity, including cyber-attacks and identity theft.

With your consent. In some cases we may specifically ask for your consent to collect, use or share your personal information, such as when required by law.

5. How do we share the personal information that you provide us?

We may share your personal information with the following third parties and as otherwise described in this Privacy Policy or at the time of collection:

Affiliates. Our subsidiaries, employees, sub-contractors, service providers (such as our payment partners) and affiliates, for purposes consistent with this Privacy Policy. All our subsidiaries, employees, sub-contractors, service providers (such as our payment partners) and affiliates, are bound to follow the terms of a strict Non-Disclosure Agreement (NDA) that they execute with Refresh. Additionally our employees and affiliates are also periodically trained and informed about the best privacy practices for securely handling personal data.

Service Providers. Companies and individuals that provide services on our behalf or help us operate the Service or our business (such as service fulfillment, user support, hosting, analytics, email delivery, marketing, database management services, returns processing and risk and fraud mitigation). One of our key Service Providers is GoHighLevel, a CRM and automation platform that helps us manage client communications, appointment scheduling, and marketing workflows. GoHighLevel may process certain user data solely to facilitate these functions, under our direction. All such Service Providers, including payment processors and automation tools, are bound by strict confidentiality obligations, including a Non-Disclosure Agreement (NDA) with Refresh, and are required to comply with applicable privacy and data protection laws.

Professional Advisors. Professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us. All our professional advisors are bound to follow the terms of a strict Non-Disclosure Agreement (NDA) that they execute with Refresh.

Authorities & Others. Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate to comply with law or for the compliance, fraud prevention and safety purposes described above.

Business transferees. We may sell, transfer, or otherwise share some or all of your personal information in connection with or during negotiation of any merger, financing, acquisition or dissolution, transaction or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business or assets, or in the event of an insolvency, bankruptcy, or receivership.

6. Security of our Services.

The security of your personal information is important to us. We employ a number of organizational, technical and physical safeguards designed to protect the personal information we collect. However, security risk is inherent in all internet and information technologies and we cannot guarantee the security of your personal information.

We will only retain your personal information for as long as necessary to fulfil the purposes for which we collected it, such as satisfying any legal, accounting, reporting requirements or to provide you with our service. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether those purposes can be achieved through alternative means, and the applicable legal requirements.

7. International Data Transfers

We are incorporated in the USA and all our user personal information is retained in secure servers located in the USA.

8. Children

Our Service is not intended for use by children under 13 years of age (COPPA), and minors below 18 years of age. We do not knowingly collect information about children and minors through the Service. If we learn that we have collected personal information of a child or minor without the consent of such child’s or minor’s parent or guardian as required by law, we will delete it.

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the Sites. If required by law we will also provide notification of changes in another way that we believe is reasonably likely to reach you, such as via e-mail or another manner through the Service. Any modifications to this Privacy Policy will be effective upon our posting the modified version. In all cases, your continued use of the Service after the posting of any modified Privacy Policy indicates your acceptance of the terms of the modified Privacy Policy.

10. California Consumer Privacy Act (“CCPA”)- For California Users Only

We are required by the California Consumer Privacy Act (“CCPA”) to provide to California residents an explanation of how we collect, use and share their Personal Information, and of the rights and choices, we offer to California residents concerning that Personal Information.

 

1. Personal information that we collect, use, and We do not sell personal information. As we explain in this Privacy Policy, we use cookies and other tracking tools to analyze website traffic and facilitate advertising.
2. Your California privacy rights. The CCPA grants California residents the following rights. However, these rights are not absolute, and in certain cases we may decline your request as permitted by law.

Information. You can request information about how we have collected, used and shared and used your Personal Information during the past 12 months;

1. The categories of Personal Information that we have collected;
2. The categories of sources from which we collected Personal Information;

• The business or commercial purpose for collecting and/or selling Personal Information;

1. The categories of third parties with whom we share Personal Information;
2. Whether we have disclosed your Personal Information for a business purpose, and if so, the categories of Personal Information received by each category of third party recipient; and
3. Whether we’ve sold your Personal Information, and if so, the categories of Personal Information received by each category of third party recipient.

Access. You can request a copy of the Personal Information that we have collected about you during the past 12 months.

Deletion. You can ask us to delete the Personal Information that we have collected from you.

You are entitled to exercise the rights described above free from discrimination in the form of legally prohibited increases in the price or decreases in the quality of our Service.

How to exercise your California rights?

You may exercise your California privacy rights described above as follows:

Right to information, access and deletion. You can request to exercise your information, access and deletion rights, by emailing us. We reserve the right to confirm your California residence to process your requests and will need to confirm your identity to process your requests to exercise your information, access or deletion rights. As part of this process, government identification may be required. You will have the ability to request, access or delete your information, by emailing us at one of the following email-addresses;

For Palm Beach: support@refreshpbma.com

For Port St. Lucie: supportpsl@refreshpbma.com

For Vero: supportvero@refreshpbma.com

Request a list of third party marketers. California’s “Shine the Light” law (California Civil Code

• 1798.83) allows California residents to ask companies with whom they have formed a business relationship primarily for personal, family or household purposes to provide certain information about the companies’ sharing of certain personal information with third parties for their direct marketing purposes during the preceding year (if any). You can submit such a request by sending an email to us. The request must include your current name, street address, city, state, and zip code and attest to the fact that you are a California resident. We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it. You will have the ability to request a list of third-party marketers by emailing us at one of the following email-addresses;

 

For Palm Beach: support@refreshpbma.com

For Port St. Lucie: supportpsl@refreshpbma.com

For Vero: supportvero@refreshpbma.com

Sharing your Personal Information

We do not sell, trade, or rent your personal identification information to others in accordance with the CCPA. We may share generic aggregated demographic information not linked to any personal identification information regarding visitors and users with our business partners, trusted affiliates and advertisers for the purposes outlined above.

California Online Privacy Protection Act (CalOPPA) Compliance

In compliance with the California Online Privacy Protection Act (CalOPPA), we provide California residents with the following additional rights;

1. The right to know what personal information we have collected, used, disclosed, and sold about you; and
2. The right to request the deletion of your personal information, subject to certain exceptions allowed by law.

You will have the ability to enforce your rights by emailing us at one of the following email- addresses;

For Palm Beach: support@refreshpbma.com

For Port St. Lucie: supportpsl@refreshpbma.com

For Vero: supportvero@refreshpbma.com

Biometric Information (For future use)

We currently do not collect or process biometric information, such as facial scans, skin texture data, voiceprints, or other unique biological identifiers. However, if we choose to implement advanced imaging technologies, artificial intelligence (AI)-powered diagnostics, or biometric- based personalization tools in the future, we will-

1. Provide you with clear notice and purpose for such data collection;
2. Obtain your written, informed consent before capturing or storing any biometric identifiers or information; Ensure any biometric data is stored securely, encrypted, and retained only for as long as necessary to fulfill the intended purpose;
3. Comply with all applicable laws, including but not limited to Florida privacy statutes and emerging biometric privacy regulations.

We are committed to ensuring your biometric and personal data are handled with the highest standard of care. Any future collection of biometric information will be governed by an updated version of this Privacy Policy and any applicable Biometric Information Consent Form.

Contact Us

If you have any questions or concerns, or if you wish to share your feedback of our Services with us, you may kindly contact us at the following email addresses-

For Palm Beach: support@refreshpbma.com

For Port St. Lucie: supportpsl@refreshpbma.com

For Vero: supportvero@refreshpbma.com