MY SPAZIO RELAX

1. Who We Are

My Spazio Relax is a licensed massage therapy and wellness practice owned and operated by Yolimar Malave in Warner Robins, Georgia. As a covered entity or business associate under applicable privacy law, we are committed to maintaining the privacy of your Protected Health Information (PHI) and providing you with this Notice of our legal duties and privacy practices.

2. What Is Protected Health Information (PHI)?

Protected Health Information (PHI) is any individually identifiable health information that we create, receive, maintain, or transmit in any form — oral, written, or electronic. This includes, but is not limited to:

• Your name, address, date of birth, and contact information

• Health history and intake form responses

• Information about your physical condition, medical history, allergies, medications, or injuries

• Appointment records and treatment notes

• Payment and billing information

3. How We Collect Your Information

My Spazio Relax collects personal and health information through:

• Online health intake forms completed before your appointment via our booking platform (GoHighLevel)

• Information you provide during booking, consultation, or the service session itself

• Payment processing through Stripe, our secure third-party payment processor

• Communications via phone, email, or SMS

4. How We Use and Disclose Your Information

My Spazio Relax uses your health and personal information strictly for the following purposes:

4.1 Treatment

To provide you with safe, effective, and personalized massage therapy and wellness services. Your health intake information is used to customize your session and ensure contraindications are identified and respected.

4.2 Operations

To schedule and manage appointments, maintain accurate client records, communicate appointment reminders or follow-up messages, and operate our business efficiently.

4.3 Payment Processing

To process payments for services rendered through our third-party payment processor, Stripe. Payment card information is processed securely by Stripe and is not stored by My Spazio Relax.

4.4 Legal Compliance

To comply with applicable federal, state, or local laws, regulations, or court orders, including Georgia state licensing requirements for massage therapy practitioners.

4.5 Safety

To prevent or lessen a serious and imminent threat to the health or safety of you or another person, as permitted or required by law.

5. Third-Party Service Providers (Business Associates)

My Spazio Relax uses the following third-party platforms to operate our business. These providers are considered Business Associates under HIPAA and are contractually obligated to protect your information:

• GoHighLevel — Our client management, booking, and intake form platform. Client data stored on GoHighLevel is used solely for appointment management and communication.

• Stripe — Our secure payment processing platform. Stripe is PCI-DSS compliant. We do not store full payment card numbers.

We do not sell, rent, share, or disclose your personal or health information to any third party for marketing, advertising, or commercial purposes.

6. Uses and Disclosures That Require Your Written Authorization

We will not use or disclose your PHI for any purpose not described in this Notice without your prior written authorization, except as required by law. This includes:

• Marketing purposes or sale of your information to any third party

• Disclosures to family, friends, or other individuals not involved in your care (unless you authorize it or it is an emergency)

• Any other use not described in Section 4 of this Notice

You have the right to revoke any authorization you have given us at any time, in writing. Revocation will not affect disclosures already made prior to the revocation.

7. Your Rights Regarding Your Health Information

As a client of My Spazio Relax, you have the following rights with respect to your PHI:

7.1 Right to Access

You have the right to inspect and request a copy of your health information maintained by My Spazio Relax. We will respond to your request within 30 days.

7.2 Right to Request Amendments

If you believe your health information is inaccurate or incomplete, you may request that we amend it. We may deny your request if we determine that the information is accurate and complete.

7.3 Right to an Accounting of Disclosures

You have the right to request a list of instances where we have disclosed your PHI for purposes other than treatment, payment, or healthcare operations, for up to six years prior to the date of your request.

7.4 Right to Request Restrictions

You may request that we restrict how we use or disclose your PHI. We are not required to agree to your request, but if we do agree, we will comply with it.

7.5 Right to Confidential Communications

You have the right to request that we communicate with you in a specific way or at a specific location (for example, only by email or only at a certain phone number).

7.6 Right to a Copy of This Notice

You have the right to receive a paper copy of this Notice upon request. This Notice is also available on our website at www.myspaziorelax.com.

7.7 Right to File a Complaint

If you believe your privacy rights have been violated, you have the right to file a complaint with My Spazio Relax or with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights. You will not be penalized for filing a complaint.

To file a complaint with HHS:

• Online: www.hhs.gov/hipaa/filing-a-complaint

• Phone: 1-800-368-1019 (TDD: 1-800-537-7697)

8. How We Protect Your Information

My Spazio Relax takes the security of your personal and health information seriously. We implement reasonable administrative, technical, and physical safeguards to protect your PHI from unauthorized access, use, disclosure, alteration, or destruction. These measures include:

• Secure, password-protected platforms for all digital client records

• Use of HIPAA-compliant and PCI-DSS compliant third-party platforms (GoHighLevel, Stripe)

• Limiting access to PHI to only those with a need to know

• Secure transmission of data via encrypted connections (HTTPS)

9. Data Retention

My Spazio Relax retains client health and personal information for as long as necessary to provide services and comply with applicable Georgia state licensing and recordkeeping requirements. When information is no longer needed, it is securely deleted or destroyed.

10. Changes to This Privacy Notice

My Spazio Relax reserves the right to change this Privacy Notice at any time. Any revised Notice will be effective for all information we maintain, including information created or received before the revision. The current version of this Notice will always be available on our website at www.myspaziorelax.com.

11. Contact Our Privacy Officer

For questions, concerns, or to exercise any of your rights described in this Notice, please contact us:

My Spazio Relax — Privacy Contact

Yolimar Malave, Owner

149 Sourwood Lane, Warner Robins, GA 31093

Phone: (478) 449-2007

Website: www.myspaziorelax.com

12. Client Acknowledgment

By booking an appointment with My Spazio Relax, you acknowledge that you have been provided with or offered access to this HIPAA Privacy Notice, and that you understand how your health information may be used and disclosed. A signed copy of this acknowledgment may be required at your first appointment.