Skip to content Skip to footer
Menu Close
Close
Contact Us

Privacy Policy for GenStarClinical.com


Effective date: October 24, 2025

  1. About GenStar Clinical
    GenStar Clinical, located at 5225 Wilshire Blvd. Ste. 1111, Los Angeles, CA 90036, provides gastroenterology teams to local, city, county, state and federal government facilities, clinics, and hospitals to perform GI medical testing and procedures. We do not contract directly with individual consumer patients. You may contact us at (213) 886-8170 or via privacy-related requests at the email address provided below.

  2. Scope and applicability

  • This Privacy Policy applies to information we collect or receive from you when you visit GenStarClinical.com, submit information through website forms, communicate with us by email or telephone, or otherwise interact with GenStar Clinical in connection with our services to government clients and related facilities. It also covers data collected via cookies and other tracking technologies on our website, as described in section 9.
  • Where PHI (protected health information) is involved, we comply with HIPAA and related regulations as a Business Associate (BA) under a HIPAA-compliant Business Associate Agreement (BAA) with a covered entity, when applicable. See section 6 for HIPAA-related details. (hhs.gov)
  1. Information we collect
    We may collect and maintain the following categories of information:
  • Personal information you provide to us directly (e.g., contact information such as name, job title, organization, address, phone number, email, and any information you submit in website forms or inquiries).
  • Information about your use of GenStarClinical.com (e.g., pages visited, time spent, device type, IP address, and browser type) through cookies and similar technologies (see section 9).
  • Communications you send to us (e.g., emails, voicemails, and messages left via phone or form submissions) and our responses.
  • For our government/healthcare-related operations, PHI or other data as may be provided or created in the course of performing GI testing and related procedures under applicable contracts, laws and BAAs (when applicable). HIPAA-related data handling is described in section 6. (oag.ca.gov)
  1. How we collect information
  • Direct interactions: information you provide in forms, inquiries, vendor registrations, job applications, or other communications.
  • Automated technologies: information collected via cookies, pixel tags, analytics tools, and similar technologies to help us operate, analyze, and improve the site and services (you may manage cookies as described in section 9).
  • Telephone and email: recordings or logs of calls or messages regarding inquiries or service requests, where permitted by law and contract.
  1. How we use information
  • To respond to inquiries, process vendor or service requests, and manage our relationships with government facilities, clinics, and hospitals.
  • To meet contractual obligations and perform GI services for our government clients.
  • To improve our website, services, and communications, including security and risk management.
  • To comply with applicable laws, regulations, and contractual requirements (including recordkeeping for government contracts and healthcare-specific requirements).HIPAA-related uses may include treatment, payment, healthcare operations, and business associate activities as permitted under the BAAs. (hhs.gov)
  1. HIPAA, PHI, and Business Associate considerations
  • If GenStar Clinical acts as a Business Associate (BA) under a HIPAA-covered entity’s notice, we will enter into a BA Agreement that requires us to safeguard PHI, use or disclose PHI only as permitted by the contract or law, and to report certain security incidents. We will implement appropriate safeguards to protect PHI in accordance with HIPAA Security Rule requirements. (hhs.gov)
  • In the event of a breach of unsecured PHI, we will follow HIPAA breach notification requirements in coordination with the covered entity and applicable law, and we will provide breach notifications as required. See HHS guidance on the Breach Notification Rule. (hhs.gov)
  • For information security incident reporting to regulators (including California authorities) in line with state and federal requirements, we follow applicable breach notification laws (see California Civil Code § 1798.82 and related guidance). (california.public.law)
  1. Sharing of information
  • We may share information with service providers, contractors, or consultants who perform services on our behalf (e.g., hosting, analytics, security, contract administration). We require these providers to implement appropriate privacy and security safeguards and, where PHI is involved, to sign BAAs as required by HIPAA.
  • We may share information with government clients and facilities we serve, as necessary to perform GI testing and procedures and to comply with contractual obligations and legal requirements.
  • We may share information to comply with law, prevent fraud or to protect GenStar Clinical, our clients, or others.
  • We do not sell personal information to third parties. If circumstances change, we will provide a new notice and allow you to opt out, as required by CPRA/CCPA. CPRA provides California residents the right to opt-out of the sale or sharing of their personal information, including sensitive information, and requires certain disclosures. For more details on CPRA, see the CPRA/CCPA resources cited in section 11. (oag.ca.gov)
  1. Data retention
  • We retain personal information for as long as necessary to provide services, manage our relationships, respond to inquiries, fulfill contractual obligations, protect our rights, and comply with legal and regulatory requirements (including healthcare and government contracts). The specific retention periods may vary by contract, regulatory requirements, and the type of data involved. When PHI is involved, retention adheres to HIPAA and BAAs. (oag.ca.gov)
  1. Cookies and tracking technologies
  • We use cookies and similar technologies to operate GenStarClinical.com, analyze site usage, and improve user experience. You may manage cookie preferences via the cookie banner or page-level controls; some site features may require cookies to function. For more details about CalOPPA expectations and consumer rights related to tracking, refer to California law and CPPA guidance. (oag.ca.gov)
  1. Data security
  • GenStar Clinical employs reasonable, industry-standard administrative, physical, and technical safeguards to protect information under our control. Access to data is limited to authorized personnel who need it to perform their job responsibilities. We maintain security measures commensurate with the sensitivity of the information (including PHI, where applicable). We also require our service providers to implement appropriate security safeguards. (lacounty-bos-ca.elaws.us)
  1. Your California privacy rights (CCPA/CPRA)
  • California residents have certain privacy rights under the CCPA as amended by CPRA. These include:
    • Right to know about the personal information we collect, use, disclose, and sell (and to request access to that information).
    • Right to deletion of personal information (subject to exceptions).
    • Right to opt out of the sale or sharing of personal information, including sensitive information.
    • Right to correct inaccurate personal information (CPRA addition).
    • Right to limit use and disclosure of sensitive personal information (CPRA addition).
    • Right to non-discrimination for exercising privacy rights.
  • To exercise these rights, you may contact us at the privacy contact below or submit a request through the designated privacy request form on GenStarClinical.com. We will verify requests consistent with applicable law and respond in the timeframe required by law. We may require information to verify identity and authorization to access information related to contract work or PHI, as appropriate. For broader CPRA guidance, see the California Attorney General’s CCPA/CPRA resources and the CPPA’s official site. (oag.ca.gov)
  • Do Not Sell My Personal Information: We do not sell personal information. If in the future we engage in activities that could be considered “sale” or “sharing,” we will provide a clear Do Not Sell option and comply with CPRA requirements. See CPRA/CPPA materials for Do Not Sell obligations. (cppa.ca.gov)
  1. Do Not Track and tracking disclosures
  • In compliance with CalOPPA, we disclose how we respond to Do Not Track signals and similar mechanisms, and we disclose whether third parties collect information about you through our site. If you have questions about Do Not Track, contact us using the information in section 14. (california.public.law)
  1. Children’s privacy
  • GenStar Clinical does not knowingly collect information from children under 16. If we become aware that we have collected personal information from a child without appropriate consent, we will take steps to delete that information in accordance with applicable law. CPRA/CCPA protections and CalOPPA requirements apply to information collected from residents of California, including minors under the applicable thresholds. (oag.ca.gov)
  1. International data transfers
  • Information we collect may be stored and processed in the United States or other jurisdictions where we or our service providers operate. Where required by law, we implement safeguards for cross-border transfers and ensure service providers comply with appropriate data protection standards. HIPAA BAAs may govern PHI transfers when applicable. (oag.ca.gov)
  1. Data breach notification
  • If a data breach impacts personal information (as defined by California law), we will investigate promptly and provide notice as required by law (including California Civil Code §1798.82 for entities that suffer a breach) and applicable state or federal laws. We also coordinate as necessary with regulators and affected individuals in accordance with law and contract. (california.public.law)
  1. How to exercise your rights or contact us
  • Privacy inquiries, requests to know/access, delete, correct, or restrict processing, and opt-out requests should be directed to:
    • Privacy contact: privacy@genstarclinical.com (or use the privacy request form on GenStarClinical.com)
    • Physical mailing address: GenStar Clinical, 5225 Wilshire Blvd. Ste. 1111, Los Angeles, CA 90036
    • Phone: (213) 886-8170
  • We may need to verify your identity or authority to act on behalf of an organization or individual for certain requests, particularly where PHI, contracts, or regulated data are involved. We will respond in the timeframes required by applicable law. See CPRA/CCPA guidance and California DOJ resources for more detail. (oag.ca.gov)
  1. Third-party links and services
  • GenStar Clinical may link to or use third-party services (for hosting, analytics, communications, cloud storage, etc.). We do not control their privacy practices, and you should review their privacy notices. We require service providers to protect personal information and PHI where applicable, and BAAs are used when PHI is involved. (hhs.gov)
  1. Changes to this Privacy Policy
  • We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. If we make material changes, we will provide notice (e.g., on our website) and update the “Effective date” above. Your continued use of GenStarClinical.com constitutes acceptance of the updated policy. For CalOPPA/CPRA purposes, privacy policy changes must be disclosed and the updated policy will include the effective date. (oag.ca.gov)
  1. Governing law and enforcement
  • This Privacy Policy is governed by and interpreted under the laws of the State of California, without regard to its conflicts of laws principles. CPRA/CCPA rights and obligations are administered by the California Privacy Protection Agency (CPPA) and the California Attorney General, as applicable. (cppa.ca.gov)