How We Handle Your Personal Information โ A Multi-Country Framework
This policy sets out what data we collect when you visit medical-centers.org/, why, who we share it with, how long we keep it, and the rights you have under U.S. state privacy laws, the UK GDPR & Data Protection Act 2018, Canadian PIPEDA & provincial privacy laws, and the Australian Privacy Act 1988. Read it alongside our Cookie Policy and Disclaimer.
What’s on this page
1. Who We Are
medical-centers.org/ is an independent informational and educational directory of hospitals, clinics, community health centers, urgent care centers, specialty centers, ambulatory surgical centers, and rehabilitation facilities across the United States (primary coverage), United Kingdom, Canada, and Australia. It is operated as a privately-owned editorial publication. We are not affiliated with CMS, HRSA, the Joint Commission, HHS, NIH, CDC, NHS, CQC, NICE, GMC, Health Canada, CIHI, Accreditation Canada, the Australian Department of Health and Aged Care, AIHW, ACSQHC, AHPRA, or any specific medical center, hospital, or health system.
For all privacy and data inquiries, contact: info@medical-centers.org
2. HIPAA โ We Are Not a Covered Entity
The U.S. HIPAA Privacy Rule (45 C.F.R. Parts 160 and 164) and Security Rule apply to "covered entities" โ health plans, healthcare clearinghouses, and most healthcare providers โ and to their "business associates." medical-centers.org/ is none of these. We do not collect, store, transmit, or maintain Protected Health Information (PHI). If you contact us with information about your medical condition, treatment, or health record, that communication is not protected by HIPAA โ but we treat it confidentially under this Privacy Policy and we do not maintain it longer than needed to respond. Please do not send your medical records, treatment history, or specific health information to us โ we cannot use them and we will not store them.
3. FCRA Non-CRA Position
The U.S. Fair Credit Reporting Act (15 U.S.C. ยง 1681 et seq.) regulates "consumer reports" used for "permissible purposes" โ primarily employment, credit, insurance, and tenant screening. medical-centers.org/ does not assemble, evaluate, or sell consumer reports. We do not provide "background checks," physician-verification reports, or facility-credentialling reports for any FCRA-permissible purpose. Information published on our site is general informational content drawn from public agency pages and authoritative public sources โ it is not a "consumer report" in the FCRA sense.
4. Health Data โ We Do Not Process It
Patient health records, treatment histories, prescriptions, diagnoses, lab results, and similar Protected Health Information (PHI) are maintained by your healthcare provider โ your hospital, clinic, GP surgery, or family doctor โ under the laws of your country (HIPAA in the U.S.; UK GDPR & Data Protection Act 2018 with NHS-specific Caldicott guidance; PHIPA Ontario / HIA Alberta / other provincial frameworks in Canada; My Health Records Act 2012 in Australia). We do not request, host, or process your health records. If you want a copy of your medical record, contact your healthcare provider’s medical records or health information management department.
5. What Information We Collect
We collect only what’s necessary to operate the site:
| Category | Examples | How collected |
|---|---|---|
| Server logs | IP address (truncated), user-agent, request path, response code, timestamp | Automatic, every request |
| Analytics | Page views, time on page, click paths, referrer (aggregated) | Google Analytics 4 if you consent |
| Cookie preferences | Your accept/reject choice for analytics and advertising | Cookie banner |
| Functional preferences | Selected country/region, font size, accessibility preferences | Local browser storage |
| Email content | Anything you send to info@medical-centers.org | Direct email from you |
| Advertising data | Frequency capping, ad measurement | Google AdSense if you consent |
We do not collect: your name, address, date of birth, Medicare/insurance number, NHS number, OHIP/MSP/Medicare Australia number, GP/family-doctor identifier, medical condition, diagnosis, prescription, or any sensitive health information unless you choose to email it. We do not require account creation. We do not run client-side fingerprinting beyond what is necessary for security and bot mitigation through Cloudflare.
6. Why We Collect It
- To operate the site โ load pages, prevent fraud, mitigate bots and abuse
- To remember your choices โ cookie consent, accessibility preferences, selected country/region
- To understand what’s useful โ aggregate analytics on which facility pages, country guides, and walkthroughs are read most
- To support display advertising โ frequency capping and basic measurement, with personalised advertising only where you have consented
- To respond to your messages โ when you email us
7. Legal Bases & Multi-Country Framework
The legal foundation for processing depends on your jurisdiction. For visitors in the U.S., processing is based on the necessity of providing the requested service, our legitimate interest in operating the site safely and improving it, and your consent for analytics and advertising cookies. For visitors in the UK, the EU/EEA, Canada, and Australia, equivalent legal bases apply under the UK GDPR, GDPR, PIPEDA / provincial privacy laws, and the Australian Privacy Act 1988 respectively.
9. How Long We Keep Information
| Data type | Retention |
|---|---|
| Server logs (security) | 30 days, then aggregated |
| Analytics data | 14 months (default GA4 retention) |
| Cookie consent record | 12 months from when set |
| Email correspondence | 3 years from last contact, then deleted |
| Functional preferences | Until you clear browser data |
10. Your Rights โ U.S. State Privacy Laws
| State / Law | Citation | Key rights |
|---|---|---|
| California (CCPA / CPRA) | Cal. Civ. Code ยง 1798.100 et seq. | Know, delete, correct, opt-out of sale/sharing, limit use of sensitive information, non-discrimination |
| Virginia (VCDPA) | Va. Code ยง 59.1-575 et seq. | Access, delete, correct, portability, opt-out of targeted advertising / sale / profiling |
| Colorado (CPA) | C.R.S. ยง 6-1-1301 et seq. | Access, delete, correct, portability, opt-out of targeted advertising / sale / profiling |
| Connecticut (CTDPA) | Conn. Gen. Stat. ยง 42-515 et seq. | Access, delete, correct, portability, opt-out of targeted advertising / sale / profiling |
| Utah (UCPA) | Utah Code ยง 13-61 | Access, delete, portability, opt-out of targeted advertising / sale |
| Texas (TDPSA) | Tex. Bus. & Com. Code Ch. 541 | Access, delete, correct, portability, opt-out of targeted advertising / sale / profiling |
| Florida (FDBR) | Fla. Stat. ยง 501.701 et seq. | Access, delete, correct, portability, opt-out of targeted advertising / sale |
| Oregon (OCPA) | ORS Ch. 646A | Access, delete, correct, portability, opt-out of targeted advertising / sale / profiling |
| Other states | Various | Iowa, Tennessee, Indiana, Montana, New Jersey, Delaware, New Hampshire, Kentucky, Maryland, Minnesota, Nebraska, Rhode Island and others have or are implementing comparable laws |
11. Your Rights โ UK GDPR & Data Protection Act 2018
Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, UK residents have rights to: (a) be informed about processing; (b) access their personal data; (c) rectification; (d) erasure (“right to be forgotten”); (e) restrict processing; (f) data portability; (g) object to processing; (h) rights related to automated decision-making and profiling. The UK regulator is the Information Commissioner’s Office (ICO) at ico.org.uk. To exercise any right, email us with subject line “Privacy rights request โ UK” and we will respond within one month as required by UK GDPR.
12. Your Rights โ Canada (PIPEDA & Provincial Laws)
The federal Personal Information Protection and Electronic Documents Act (PIPEDA) and provincial privacy laws (Quebec Act respecting the protection of personal information in the private sector / Law 25; Alberta PIPA; British Columbia PIPA; Ontario’s PHIPA for health-sector personal information) give Canadian residents rights to access, correct, and limit processing of personal information. The federal regulator is the Office of the Privacy Commissioner of Canada at priv.gc.ca. Provincial commissioners cover Quebec, BC, and Alberta and the relevant health-sector frameworks. To exercise any right, email us with subject line “Privacy rights request โ Canada”.
13. Your Rights โ Australia (Privacy Act 1988)
Under the Australian Privacy Act 1988 and the 13 Australian Privacy Principles (APPs), Australian residents have rights to access and correct personal information held by us, to know how it’s used, and to lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au. To exercise any right, email us with subject line “Privacy rights request โ Australia”.
14. Children
medical-centers.org/ is not directed to children under 13. The U.S. Children's Online Privacy Protection Act (COPPA, 15 U.S.C. ยงยง 6501โ6506) imposes specific obligations on operators that knowingly collect personal information from children under 13. We do not knowingly collect personal information from children under 13. Equivalent protections apply under the UK Age Appropriate Design Code, Canadian privacy frameworks, and Australian privacy guidance.
15. Security
We use industry-standard technical and organisational measures to protect information:
- HTTPS/TLS encryption for all site traffic
- Cloudflare for DDoS and bot mitigation
- Access controls โ only authorised editorial staff can access logs and email
- Periodic security review of hosting and email infrastructure
- No on-site collection of payment card information, Social Security Numbers, NHS numbers, OHIP/MSP/Medicare Australia numbers, or health records
No internet transmission or storage system is perfectly secure. If we discover a breach affecting personal information, we will notify affected users in accordance with applicable breach-notification laws (state laws in the U.S.; UK GDPR Article 33; PIPEDA Breach of Security Safeguards Regulations in Canada; Notifiable Data Breaches scheme in Australia).
16. International Transfers
Our site is operated from the United States. If you visit from the UK, Canada, or Australia, your information will be transferred to and processed in the United States. We rely on appropriate transfer mechanisms (UK addendum to EU SCCs for UK transfers where applicable; PIPEDA-compliant arrangements for Canadian transfers; Australian Privacy Principle 8 framework for cross-border disclosures). We honour Global Privacy Control (GPC) signals from visitors regardless of location.
17. Changes to This Policy
We update this policy when our practices change or when applicable laws change. Substantive changes are flagged at the top of the page with a new “Last reviewed” date and, for material changes, a notice on the site for 30 days.
18. Contact
For any privacy or data-rights question, email info@medical-centers.org with subject line “Privacy” or “Privacy rights request” plus your country (US/UK/Canada/Australia). See Contact Us for the full list of channels.
Have a Privacy Question or Rights Request?
Email us with subject line “Privacy rights request” and your country. We respond within the legally-required timeframe (45 days under most U.S. state laws; one month under UK GDPR; 30 days under PIPEDA; reasonable time under Australian Privacy Act).
๐ง info@medical-centers.org