Privacy Policy
Effective Date: April 10, 2026 Last Updated: April 10, 2026
Introduction
Vascular & Interventional Specialists (“VIS,” “we,” “us,” or “our”) operates the website located at www.vascularcare.com (the “Website”). We are a multi-state interventional radiology practice with locations in South Dakota, Nebraska, Missouri, Illinois, Iowa, Kansas, and Wisconsin.
This Privacy Policy describes how we collect, use, disclose, and protect information obtained through our Website. It applies to all visitors, patients, and users of the Website.
Important: This Privacy Policy covers our website data practices. If you are a patient, please also review our HIPAA Notice of Privacy Practices, which governs how we handle your protected health information (PHI) in the course of providing medical care.
By using our Website, you agree to the practices described in this policy. If you do not agree, please do not use the Website.
Information We Collect
Information You Provide Directly
When you interact with our Website, you may voluntarily provide:
- Appointment request forms — name, phone number, email address, date of birth, zip code, preferred location, reason for visit, new/existing patient status, how you heard about us, and any additional information you choose to share. These forms are hosted by Jotform under a HIPAA-compliant Business Associate Agreement (BAA) with end-to-end encryption.
- Contact form submissions — name, email, phone number, and message content.
- Phone calls — when you call a number displayed on our Website, the call may be routed through CallRail, our call tracking platform. Calls may be recorded for quality assurance and training purposes. A call recording disclosure is provided at the start of recorded calls.
- Email correspondence — any information you include when you email us.
Information Collected Automatically
When you visit our Website, we automatically collect certain technical and usage data through cookies and similar technologies:
- Device and browser information — IP address, browser type and version, operating system, screen resolution, and device type.
- Usage data — pages visited, time spent on pages, referring URL, click patterns, and scroll depth.
- Location data — approximate geographic location derived from your IP address.
- Cookie and tracking data — see our Cookie Policy for a detailed inventory of cookies and tracking technologies used on this Website.
Third-Party Services and Data Processors
We use the following third-party services that may collect or process your data:
Analytics
| Service | Purpose | Data Collected |
|---|---|---|
| Google Analytics 4 (GA4) | Website traffic analysis, audience insights, conversion tracking | Anonymized IP, pages visited, session duration, device info, conversion events |
| Google Tag Manager (GTM) | Centralized management of analytics and marketing tags | No data collected directly; manages when other tags fire based on consent |
| Microsoft Bing UET | Conversion tracking for Bing advertising campaigns | Pages visited, conversion actions, device info |
Call Tracking
| Service | Purpose | Data Collected |
|---|---|---|
| CallRail | Dynamic Number Insertion (DNI) — displays trackable phone numbers to attribute calls to marketing sources | Phone number dialed, caller phone number, call duration, call recording audio, marketing source attribution, caller geographic area |
CallRail uses Dynamic Number Insertion, which means the phone number displayed on our Website may change based on how you arrived at our site. This allows us to understand which marketing channels drive phone inquiries. The underlying business phone number and destination remain the same regardless of the displayed number.
Forms and Patient Intake
| Service | Purpose | Data Collected |
|---|---|---|
| Jotform (HIPAA Gold) | Appointment request and contact forms | All form field data (name, phone, email, date of birth, zip code, reason for visit, etc.) |
Jotform operates under a signed Business Associate Agreement (BAA) with VIS. Form submissions are encrypted in transit and at rest. Staff notification emails do not contain submission data — staff access the secure Jotform dashboard to view submissions.
Customer Relationship Management
| Service | Purpose | Data Collected |
|---|---|---|
| HubSpot | Patient and lead management, appointment follow-up | Contact information, call records (via CallRail integration), form submissions, deal/case tracking |
Advertising Platforms
| Service | Purpose | Data Collected |
|---|---|---|
| Google Ads | Conversion tracking for search advertising | Conversion events (form submissions, calls), anonymized click data |
| Meta Pixel (Facebook/Instagram) | Conversion tracking and audience building for social advertising | Page visits, conversion events, device info, browser data |
Meta Pixel fires only when you have provided explicit consent for marketing cookies via our cookie consent banner.
Hosting and Infrastructure
| Service | Purpose | Data Collected |
|---|---|---|
| Vercel | Website hosting, content delivery, SSL encryption | Server access logs (IP, request path, timestamps) |
| Cloudflare | DNS management, DDoS protection, CDN | DNS query logs, IP address, request metadata |
How We Use Your Information
We use the information we collect to:
- Provide healthcare services — process appointment requests, respond to inquiries, and facilitate patient care.
- Improve our Website — analyze usage patterns, diagnose technical issues, and optimize content and user experience.
- Marketing and advertising — measure the effectiveness of our advertising campaigns, attribute patient inquiries to marketing channels, and deliver relevant advertising on third-party platforms.
- Communication — respond to your inquiries, send appointment confirmations, and provide information about our services.
- Compliance — meet legal and regulatory requirements, including HIPAA, state privacy laws, and advertising regulations.
- Quality assurance — review call recordings to improve patient experience and staff training.
How We Share Your Information
We do not sell your personal information.
We may share your information with:
- Service providers — third-party vendors listed above who process data on our behalf under contractual data protection obligations.
- Business associates — entities that handle protected health information under signed BAAs as required by HIPAA.
- Legal compliance — when required by law, court order, subpoena, or regulatory request.
- Business transfers — in the event of a merger, acquisition, or sale of assets, your information may be transferred to the successor entity.
- Safety and rights — when necessary to protect the rights, safety, or property of VIS, our patients, or the public.
Cookie Consent and Your Choices
We use a cookie consent management platform (Complianz) that allows you to control which categories of cookies are active on your device. When you first visit our Website, a consent banner allows you to accept or decline non-essential cookies.
Cookie categories:
- Strictly Necessary — required for the Website to function (cannot be disabled).
- Functional — enable enhanced features like appointment forms and call tracking.
- Analytics — help us understand how visitors use the Website.
- Marketing — enable advertising conversion tracking and audience building.
You can change your cookie preferences at any time by clicking the cookie settings link in the footer of our Website. For full details, see our Cookie Policy.
We honor Google Consent Mode v2, which adjusts the behavior of Google tags based on your consent choices.
Call Recording Disclosure
Calls to numbers displayed on our Website may be recorded through our CallRail call tracking system. Call recording is used for quality assurance, staff training, and marketing attribution. Recorded calls are retained in accordance with applicable state and federal regulations.
VIS operates in multiple states with varying call recording consent laws. Where required by law, a recording disclosure is provided at the start of the call. By continuing the call after the disclosure, you consent to the recording.
Data Retention
We retain your information for as long as necessary to fulfill the purposes described in this policy, or as required by law:
- Form submissions — retained in Jotform’s HIPAA-compliant servers and HubSpot CRM for the duration of the patient relationship and as required by medical record retention laws.
- Call recordings — retained in CallRail in accordance with state medical record retention requirements (typically 6-10 years depending on state).
- Analytics data — retained per Google Analytics and Bing UET default retention periods (typically 14-26 months).
- Marketing data — retained per platform defaults unless you request deletion.
Your Privacy Rights
Depending on your state of residence, you may have the following rights:
All Users
- Opt out of marketing cookies — via our cookie consent banner or cookie settings link.
- Opt out of call recording — by notifying the representative at the start of the call.
- Request information — contact us to ask what personal information we hold about you.
California Residents (CCPA/CPRA)
- Right to know what personal information we collect and how it is used.
- Right to delete personal information (subject to legal exceptions).
- Right to opt out of the “sale” or “sharing” of personal information. We do not sell personal information. Sharing for cross-context behavioral advertising (e.g., Meta Pixel) can be opted out via our cookie consent banner.
- Right to non-discrimination for exercising your privacy rights.
Illinois Residents
- CallRail call recording complies with the Illinois Eavesdropping Act (720 ILCS 5/14), which requires all-party consent. A recording disclosure is provided at the start of all calls to our Illinois locations.
HIPAA Rights
- If you are a patient, you have additional rights under HIPAA regarding your protected health information. See our HIPAA Notice of Privacy Practices.
Children’s Privacy
Our Website is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately so we can delete it.
Data Security
We implement reasonable administrative, technical, and physical safeguards to protect your information, including:
- HTTPS encryption on all Website pages.
- HIPAA-compliant form hosting with end-to-end encryption (Jotform).
- Access controls limiting staff access to patient data.
- Vendor agreements requiring data protection standards.
No method of transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
Do Not Track
Our Website does not currently respond to “Do Not Track” browser signals. However, you can control tracking through our cookie consent banner.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated “Last Updated” date. Material changes will be communicated via a notice on our Website. Your continued use of the Website after changes are posted constitutes your acceptance of the updated policy.
Contact Us
If you have questions about this Privacy Policy or wish to exercise your privacy rights, contact us:
Vascular & Interventional Specialists 345 W. Steamboat Dr., Suite 601 Dakota Dunes, SD 57049 Phone: (605) 217-5617 Website: www.vascularcare.com/contact/