Privacy Policy

Effective Date: January 26, 2026

Maria Zilka Holistic Health (“we,” “our,” “us”) values your privacy. This page explains what information we collect, how we use it, and the choices you have when you visit mariazilka.com or engage our virtual holistic-health services (“Services”). By using the site or scheduling with us, you consent to the practices described below.

1. Who We Are

• Legal Name: Maria Zilka Holistic Health
• Business Model: Virtual holistic health consulting (telehealth only)
• Website: www.mariazilka.com
• Contact: Contact Maria
• Phone/Text: (503) 929-7747

2. Information We Collect

• Information you provide directly
  • Name, email address, phone number
  • Completed intake forms, health history, symptom logs
  • Payment details (processed via third-party vendors; we do not store full card numbers)
  • Messages, documents, or files you send to us
• Information collected automatically
  • IP address, browser type, device identifiers
  • Pages viewed and interactions on our site
  • Cookies and similar technologies (see Section 6)
• Information from third parties
  • Scheduling tools (e.g., Calendly)
  • Laboratories or other providers (only with your written consent)

3. How We Use Your Information

• Schedule and deliver telehealth sessions
• Create personalized wellness plans
• Process payments and send invoices
• Send appointment reminders and administrative notices
• Respond to inquiries and provide customer support
• Improve our website and Services through analytics
• With your permission, send resources or marketing emails (opt-out anytime)
• Comply with legal, ethical, or regulatory requirements (e.g., HIPAA)

4. Legal Bases for Processing (GDPR & UK GDPR)

• Performance of a contract (providing the Services you request)
• Legitimate interests (site security, business administration, analytics)
• Consent (marketing emails, sharing data with other providers)
• Legal obligations (maintaining medical or tax records)

5. How We Share Information

• Service providers (video platform, EHR, payment processor, email service) bound by confidentiality agreements
• Other healthcare professionals—only with your explicit written authorization
• Legal authorities if required to comply with laws or protect rights and safety
• Business transfers—if ownership changes, you will be notified and your choices respected

We never sell your personal information.

6. Cookies & Similar Technologies

We use first-party and limited third-party cookies for analytics and core site functionality. You may delete or block cookies in your browser settings; some features may not work properly if you do.

7. Telehealth & Protected Health Information (PHI)

• All sessions occur on HIPAA-compliant video platforms.
• Health records are stored in encrypted EHR systems with restricted access.
• We follow the HIPAA Privacy Rule (45 CFR Parts 160 & 164) and applicable state laws.

8. Data Retention

• Health records: retained for at least the minimum period required by federal or state law (typically 6–10 years).
• Non-health data (emails, analytics): kept only as long as necessary for the stated purpose or as required by law.
• When data is no longer needed, it is securely deleted or anonymized.

9. Security Measures

• Encryption in transit (TLS/SSL) and at rest for sensitive data
• Multi-factor authentication on clinician accounts
• Regular software updates and access audits
• Staff training on privacy and data-protection best practices

No system is 100 % secure, but we take commercially reasonable steps to protect your information.

10. Your Rights & Choices

Depending on your jurisdiction, you may have the right to access, correct, delete, or restrict certain processing of your personal data; receive a portable copy; or withdraw consent for marketing at any time. To exercise these rights, contact us. We may need to verify your identity before fulfilling a request.

11. Children’s Privacy

Our Services are intended for adults 18 +. We do not knowingly collect information from children under 13. If you believe a child has provided us data, please contact us and we will delete it.

12. External Links

Our website may link to third-party sites. We are not responsible for their privacy practices. Review their policies before providing personal information.

13. Updates to This Policy

We may update this Privacy Policy occasionally. The “Effective Date” above shows the latest revision. Significant changes will be announced via email or a notice on our website.

14. Contact Us

Questions or concerns?
Contact Us

This policy is provided for informational purposes and does not constitute legal advice. For specific compliance questions, consult a qualified attorney.