Introducing Telemedicine! Get Your Medication Mailed Directly To You. Prefer In-Person? Start Virtually and Continue On-site.

Privacy Policy2023-11-17T12:28:08+00:00

This Privacy Statement is designed to tell you about the collection, use, and disclosure of information
related to, and your rights in respect of, the data PAUL M. RIVAS, M.D., P.C., trading as Rivas Medical
Weight Loss Program (“Company”, “We”, or “Us”) collect and process related to your use of our
rivasweightloss.com website, mobile application and other electronic services that link to this Privacy
Statement (collectively the “Service(s)” and such locations or applications, the “Sites”). Please be sure to
read this entire Privacy Statement before using the Service.

Background and overview

The Service collects information and provides information concerning weight loss treatment, and
provides telehealth services where permitted.

General privacy statement

Subject to our more explanatory statement below, we do not sell your personal information and, except
for relationship messaging from us, we do not share your contact information with third parties except
with your consent (opt in).


By registering for or otherwise using the Service, you agree to the terms of this Privacy Statement.
Specifically, you authorize the collection, processing, retention, and disclosure of Information about You
by Company and its affiliates, business partners, and service providers for the purposes described in this
Privacy Statement or as described to you during your interactions with the Service. For example, We
might clarify our practices when you register or when you use the Service, or one of its functions, for the
first time.

Effective Date and Changes to this Privacy Statement

This Privacy Statement is updated as of 11/15/2023. We reserve the right to update this Privacy
Statement. If We update this Privacy Statement, We will use reasonable electronic efforts to advise you of
the change, which may include posting a notice of the change in the Service (for example when you
login), or we may send you an electronic notification of the change. If We notify you by an electronic
communication, We will provide these electronic messages to your last known or provided electronic
communication address (which may be for example, a text message address, X/Twitter user name, or
other site address). You are responsible to review communications we send to those addresses, to
authorize communications from us, and to keep those addresses up to date. Use of the Service after our
notice of a change in the Privacy Statement is acceptance of the terms and changes in the updated Privacy
Statement, which shall, unless expressly prohibited by applicable law (or unless expressly stated in such
changed Privacy Statement), be effective from the inception of your use of the Service.

processes your personal information as described below solely for use in providing services to you. Some
government jurisdictions take a broad view of “sale of personal information” to include use of
anonymized and de-identified data shared with companies such as Google. As noted below, except for
certain anonymous, de-identified data that may be used by such service providers to us in their service,
we do not sell your Personal Information.



Categories of
personal information we collect and the purpose for which
we collect such data:

categories of personal information we collect and associated examples are below:
Category Examples (not exhaustive) Purpose for which we collect and use this
Personal identifiers Name, address and email
We use personal identifiers to communicate
with you, and to verify your identity. We obtain
personal identifiers manually directly from you.
We use this information to provide you our
Services. We use third party contractors under
contracts with us, who assist us to provide the
Service. These contracts with contractors restrict
use of your information to providing the
Services. We currently use:
www.mytime.com – assistance with
appointment scheduling.
– stripe.com – this is our payment
processor where you enter payment information
– jotform.com – this service handles
more detailed information gathering
– unbounce.com – this service creates
landing pages for us when you click on some
links in our emails.
Device information Browser user agent and
internet protocol address
We use Device information to monitor and
improve the Services and user experience and
for analytics. This information is shared with
podium.com (You can view their
privacy policy
at Podium Privacy Policy) and MyTime.com
(You can view their privacy policy from their
main site, mytime.com)
General information Any personal information
you enter into a chat
We use podium.com to provide online chat
services, which bridge between you and our
employees and contractors. The chat session
answers basic questions to facilitate booking.
Chat is saved on Podium.
In addition to the above
personal information, Your
age, weight, gender,
medical history, drug
interactions, occupation,
marital status,
emergency contact,
primary care doctor,
date of last primary care
visit, and similar
Medical information provided to us in the
course of determining a treatment is considered
protected health information (PHI) and we are
required to comply with federal and state laws to
protect this information. When we share this
information with a third party, they are
considered our business associate, and also must
comply with applicable federal and state laws
that protect this information. Our Notice of
Privacy Practices for medical information is a
separate document linked below. We collect
some of this information through a service
provider, jotform.com

Uses of Information about You

We use the information about you to provide the Service, to fulfill your information requests, and contact
you as you have requested. We may also use information about you to improve our programs or the
content of our Service, and for our analysis.

Exchanging information with Other Parties

Except as disclosed above in the section “NOTICE AT COLLECTION” We do not share information
about you with third parties.

Managing Information about You

To keep the information that you provide via this Service accurate, current, and complete, please contact
Us as specified below and We will take appropriate steps to update or correct such information in our
possession, or to make changes to the Information about You so that we no longer contact you for certain
purposes. We may make some or all of these options available in the Service interface, in which case you
will manage your own preferences.

Communicating with You

We may communicate with you through electronic communications and through the Service, such as
through the use of notifications and alerts. You may manage certain other ways in which We
communicate with you. For example, you may subscribe or unsubscribe to certain electronic
communications from Us, such as for notifications and information about updates to the Services. You
may not unsubscribe from administrative Service and electronic messages that We may send, such as to
alert you of changes in our Privacy Statement or Terms of Service.

Special provisions regarding PHI

Our collection, use and disclosure of your protected health information is subject to applicable federal and
state laws, and our policies in connection with that information are set forth separately in our Notice of
Privacy Practices (NPP), which you can find [INSERT LINK]. The privacy practices in that NPP
supersede any conflicting provisions in this policy.

Links to Other Services

The Service may provide hyperlinks and references to other websites or allow you to connect your
information on this Service to such sites. Our Privacy Statement does not apply to those websites, and we
are not responsible for the content or function of those websites. We encourage you to become familiar
with the privacy practices of the other websites that you use.

Contacting Us

We are happy to hear from you. If you have any questions about this Privacy Statement or the practices of
the Service, you may contact our Privacy Officer as noted below.

Other Special Considerations

Technology Logging, Cookies, and Related Techniques

When you interact with the Service, your browser or other device may communicate other technical
information that we use as part of our Services. For example, as you use the Service, your browser or
other device communicates with our technology, which in turn keeps records of your interactivity and
requests for services and content to assist Us in managing and improving the utility of the Service, and to
conduct research and analysis on its use. The types of such interactive information may include your
Internet Protocol (IP) address, browser / device type, URL, requests made, device identification
information, and related technical usage information. We use cookies and other remote side storage
technology (such as clear gifs or web beacons) to authenticate you to the Service, maintain your session,
to analyze how the Service is used, to keep track of your progress in viewing a video or other content, to
link information about how you use the Service with your account, and to help tailor our Services. The
Service may not function properly if your browser or device is configured so it does not accept these
associated cookies and other technical means. The specific cookies and other information collected and
stored regarding your use of the Services is as follows:

– we use Google for site analytics and we use Google fonts. Google stores
numerous cookies on your computer when you browse to our website. These cookies are tokens that do
not display any personal information, but do link you to the session, and provide Google some ability to
track you when you visit other websites. Google’s privacy practices are located at
You may control what information Google collects about
you from there, and may be able to reduce the amount of third party tracking they can do. We are not
responsible for Google’s actions or policies, nor the manner in which they use the cookie information
they store on your computer.

– we use Podium.com to provide chat and other interaction services on our website.
Podium.com places some cookies on your computer to assist it with providing its chat and interaction
services. You can view their privacy policy here: https://legal.podium.com/#privacypolicy-us

– we use MyTime.com to provide scheduling services, and in that connection they
place some cookies on your computer to assist with providing calendaring, reminder, scheduling, and
related services. You can view their privacy policy here: https://mytime.com/m-privacy

– we use Stripe to take payments. Stripe places cookies on your computer to identify
you and your session to ensure that the payment information is recorded correctly. You can view their
privacy policy here: https://stripe.com/privacy

– we use jotform.com to take some personal and medical information from you.
Jotform places cookies on your computer to identify your computer session and ensure that your actual
personal data is linked to you. You can view their Privacy Policy here: https://www.jotform.com/privacy/

– we use this service as a landing page when you click on links in emails we send
you. Unbounce.com stores cookies on your computer to associate you, the email we sent you and the data
created by then coming to our main website. You can view their privacy policy here:

Information about ChildrenThe Service is not intended for use by persons under the age of 16.

Rights under Laws

You may have additional rights under state law to access certain information; for example California
residents may have rights under California Code Section 1798.83. We honor those rights.

Location of Processing

Company is a United States of America business with its core operations in the United States. Information
about You may be processed by Us, our affiliates, business partners, or service providers in the United

Your rights under certain laws

This section describes certain rights you may have under the California Consumer Privacy Act of 2018
(CCPA) as amended by the California Consumer Privacy Act (CPRA), other similar state laws applicable
in the United States, and under Regulation (EU) 2016/679 of the European Parliament and of the Council
of 27 April 2016 (“GDPR”). Collectively the above referenced laws and regulations are referred to herein
as the “Data Privacy Laws.”

Process for Exercising your rights in Personal Data

For those users of our Services and Sites who are residents of countries in the European Union (or that
have equivalent rights, such as residents of the Great Britain), the State of California, or certain other
states that have adopted laws similar to CCPA/CPRA, we have created the following mechanisms and
practices to provide you with the following control over your personal information that comprises
personal data as defined under GDPR, or personal information as defined under the CCPA/CPRA
(references below to “Personal Data” are meant to also encompass the term “personal information” under
the CCPA/CPRA and similar laws):

A. What are your rights?

  • If any of your Personal Data provided to Company is subject to the Data Privacy Laws, you have a
    number of rights. Further information and advice about your rights can be obtained from the data
    protection regulator in your country (under the GDPR) or typically from your state Attorney General,
    under CCPA/CPRA and other state laws..IMPORTANT: When you contact Company to exercise your
    rights it is very important for security
    verification and other purposes that you use any email address that you know is associated with the
    Personal Data about which you are contacting Company. Be aware that Company may use
    reasonable efforts to verify your identity to ensure that it does not disclose Personal Data to an

    Please also be aware that we cannot search, and therefore cannot locate, any stored documents or
    information that are encrypted in a manner that precludes us from accessing the unencrypted

    1. The right to object to processing of your Personal Data (the right to opt out)

    • You have the right to object to certain types of processing, including processing for direct
      marketing (i.e. if you no longer want to be contacted with potential opportunities from
      third parties).
    • HOW TO EXERCISE YOUR RIGHT: If you want to object to certain types of
      processing, please direct your communication to our Privacy Officer as noted below,
      providing specific and detailed information regarding your objection and requested
    • Be aware that you cannot object to certain types of processing of your Personal Data,
      which limitations are set forth in the Data Privacy Laws. If Company determines that it
      is required to continue to process your Personal Data it will provide you the basis on
      which it has made this determination.

    2. The right to an accounting of the processing (the right to know)

    • You have the right to be provided with clear, transparent, and easily understandable
      information about how we use and process your Personal Data. This is why we are
      providing you with the information in this privacy policy.
    • HOW TO EXERCISE YOUR RIGHT: If you have questions about the privacy policy or
      how Company may be processing your Personal Data, please direct your communication
      to our Privacy Officer as noted below and please be specific and detailed about your
      questions and Company will promptly address those questions.

    3. The right of access

    • you have the right to obtain access to your Personal Data (if we are processing it), and
      certain other information about Our privacy practices with respect to your Personal Data
      (similar to that provided in this Privacy Statement).
    • This is so you are aware and can check that we are using your information in accordance
      with GDPR/CCPA/CPRA or any other applicable data protection laws.
    • HOW TO EXERCISE YOUR RIGHT: If you have questions specific to your Personal
      Data and how Company is using it in accordance with GDPR, CCPA/CPRA or other
      applicable laws, please direct your communication to our Privacy Officer as noted below,
      and please be specific and detailed about your questions and Company will promptly
      address those questions.

    4. The right to rectification

    • You are entitled to have your Personal Data corrected if it is inaccurate or incomplete.
    • HOW TO EXERCISE YOUR RIGHT: If you believe your Personal Data processed by
      Company is incorrect and needs to be updated or otherwise corrected, please check your
      settings with respect to your account, and if you still believe your Personal Data is
      inaccurate, direct your communication to our Privacy Officer as noted below.

    5. The right to erasure (the right to delete)

    • This is also known as “the right to be forgotten” and, in simple terms, enables you to
      request the deletion or removal of your Personal Data where there’s no basis for us to
      continue to process it or to retain it. This is not a general right to erasure; there are
      exceptions as stated in the Data Privacy Laws.
    • HOW TO EXERCISE YOUR RIGHT: If you no longer want Company to have and/or
      process your Personal Data, to the extent we do not provide a self-service means of
      deleting your Personal Data, please direct your communication to our Privacy Officer as
      noted below.
    • (NOTE: Consistent with Data Privacy Laws Company may retain a trivial amount of
      information, for example, to keep a record of its compliance with your request.)

    6. The right to restrict processing

    • you may have rights to “block” or suppress further use of your Personal Data that
      Company processes. When processing is restricted, we can still store your Personal Data
      but may not use it further. We may keep lists of people who have asked for further use of
      their information to be “blocked” to make sure the restriction is respected in future, but
      also be aware that upon making this request, we may terminate your account and delete
      your Personal Data instead of restricting the processing of it.
    • HOW TO EXERCISE YOUR RIGHT: If you want to restrict, or terminate restrictions,
      on Company’s processing your Personal Data, please direct your communication to our
      Privacy Officer as noted below.

    7. The right to data portability

    • You may have rights to obtain and reuse your Personal Data for your own purposes
      across different services. For example, if you decide to switch to a new provider of
      services like the Services from Company that you subscribed to, this enables you to
      move, copy, or transfer your Personal Data.
    • HOW TO EXERCISE YOUR RIGHT: Company may have or may in the future provide
      you with the ability to download your Personal Data. If Company has done so, please use
      these functions to obtain a copy of your Personal Data . If Company has not enabled this
      functionality, and if you want Company to export your Personal Data for portability,
      please direct your communication to our Privacy Officer as noted below.
    • (NOTE: Company will retain and continue to process your Personal Data unless you also
      request to be forgotten or request restricted or blocked processing.)

    8. The right to lodge a complaint

    • You have the right to lodge a complaint about the way we handle or process your
      Personal Data with your national data protection regulator (GDPR/UK) or applicable
      state regulator (under CCPA/CPRA or other state law). However, we hope you will
      contact Company first (by calling or emailing our Privacy Officer as noted below) so
      Company can try to address your complaint directly.
    • HOW TO EXERCISE YOUR RIGHT: If you want to lodge a complaint with Company,
      please direct your communication to our Privacy Officer as noted below.

    9. The right to withdraw consent

    • If you have given your consent to anything we do with your Personal Data, you have the
      right to withdraw your consent at any time. This includes your right to withdraw consent
      to us using your Personal Data for marketing purposes.
    • HOW TO EXERCISE YOUR RIGHT: If you want Company to withdraw your consent
      to process your Personal Data, please either use out functionality in the Sites to make
      such a request, or if we have not enabled such functionality, direct your communication
      to our Privacy Officer as noted below.

    10. The right to be free from discrimination for exercising your rights.

    • We cannot deny goods or services, charge you a different price, or provide a different
      level or quality of goods or services just because you exercised your rights under Data
      Privacy Laws. However, if you refuse to provide your Personal Data to us or exercise
      one of your rights, for example, to delete your Personal Data or restrict its processing,
      and that Personal Data or processing is necessary for us to provide you with services, we
      may not be able to complete that transaction and we may terminate your access to the
    • You may report any claim that we have engaged in discrimination against you to an
      applicable regulator, though we would prefer that you first contact our Privacy Officer as
      noted below so that we may address your concern.

B. Notice regarding costs to exercise rights.

  • First, to the extent Data Privacy Laws requires us to take an action without charging you,
    we will comply with those legal requirements. In some cases we may be permitted to
    charge for some of these services. We usually act on requests and provide Personal Data
    free of charge, but in such cases we may charge a reasonable fee to cover our
    administrative costs of providing the Personal Data, which such costs can arise in one or
    more of the following cases, which are not meant to express all the instances in which we
    may charge a fee:
  • Baseless or excessive/repeated requests, or
  • Further copies of the same Personal Data.
  • Alternatively, we also may be entitled to refuse to act on the request. Please consider
    your request responsibly before submitting it. We will respond as soon as we can.
    Generally, this will be within one month from when we receive your request but, if the
    request is going to take longer to deal with, we will come back to you and let you know.

C. Company’s Retention of Personal Data Under Data Privacy Laws.

    • We only retain your Personal Data for as long as is necessary for us to use your
      information as described above or to comply with our legal obligations and legitimate
      interests. Please be advised that this means that we may retain some of your Personal
      Data after you cease to use our Services. For instance, we may retain your data as
      necessary to meet our legal obligations, such as for tax and accounting purposes.
      Our service is not a backup service. We dot assume an obligation to retain your

      • When determining the relevant period in which we retain or establish/revise periods for
        retaining Personal Data, we will take the following factors into account:
      • Our contractual obligations and rights in relation to the information involved,
        including contractual obligations we may owe to our customer;
      • Legal obligation(s) under applicable law to retain data for a certain period of time
        or with respect to pending or anticipated legal actions;
      • Our legitimate interest where we weigh your interest in controlling your Personal
        Data and against our lawful purpose in processing your Personal Data;
      • Statutes of limitations under applicable law(s);
      • If you have made a request to have your information deleted; and
      • Guidelines issued by relevant data protection authorities.

Otherwise, pursuant to Data Privacy Laws, we will securely erase your Personal Data
once there is no lawful basis or legal obligation to store or process it.

D. Data Security.

  • We have implemented measures designed to secure your Personal Data from accidental loss and
    from unauthorized access, use, alteration, and disclosure. All information you provide to us is
    stored on our secure servers.
  • The safety and security of your information also depends on you. Where we have given you (or
    where you have chosen) a password for access to certain parts of our Sites, you are responsible
    for keeping this password confidential. We ask you not to share your password with anyone.
  • The safety and security of your information also depends on you. Where we have given you (or
    where you have chosen) a password for access to certain parts of our Sites, you are responsible
    for keeping this password confidential. We ask you not to share your password with anyone.

Where noted above when contacting us about privacy matters, please contact our Privacy Officer
Anthony Rosario at:

(410) 760-8400

Google Rating
Based on 1783 reviews