Privacy Policy of G&G Organization dba PFS Group

and Paid Group LLC dba PatientRev

for Patients of Orlando Health

1. Privacy Policy Overview:

As one of the nation’s leaders in the healthcare account servicing, G&G Organization dba PFS Group (“PFS” “we” or “us”) is committed to conducting its business affairs and relationships according to the rules and guidelines that are compliant with industry regulatory principles set forth by the Department of Health and Human Services (HHS), American Collectors Association (ACA), the Consumer Financial Protection Bureau (CFPB), the Securities and Exchange Commission (SEC), the Federal Trade Commission (FTC) and various state regulatory agencies. We realize the importance of consumer privacy and accept our responsibility to keep patient nonpublic personal information private and safe.

Paid Group LLC, dba PatientRev, is an affiliate company of G&G Organization dba PFS Group and operates as a consumer-friendly enterprise platform that streamlines administrative and billing processes, resulting in improved outcomes for healthcare providers, patients and payers.

PFS Group is the entity operating the PatientRev platform which encompasses the software allowing patients to receive SMS and email reminders and make payments to healthcare providers. All references herein to “PFS Group” shall include “PatientRev”. By using the Platform, you acknowledge that you've read this privacy policy and consent to the handling of your personal information, as described herein.

This Privacy Policy is separate from the Orlando Health Joint Notice of Privacy Practices which details the use and disclosure of individually identifiable health information. PFS Group and its affiliate PatientRev are business associates of Orlando Health and follow HIPAA requirements in handling your information. We are committed to protecting your privacy. We believe that making you aware of how we collect and use your non-public personal information (Personal Information), and to whom it is disclosed will form the basis for a relationship of trust between the public and us. This Privacy Policy provides that explanation.

PFS’ website is located at (its "website") is not intended for individuals less than the age of eighteen and PFS does not knowingly collect data relating to individuals less than the age of eighteen.

Nothing in this Privacy Notice is intended to contradict your rights under the Fair Debt Collection Practices Act. PFS will not disclose any information to third parties that is otherwise prohibited by the FDCPA.

2. The Gramm-Leach-Bliley Act:

On November 12, 1999, the president signed Public Law 106-102, the Gramm-Leach-Bliley Act. (“G-L-B” Act”).

Under the GLB Act, all financial institutions must provide notification to each of their customers outlining their specific privacy policies related to the sharing of nonpublic personal information. If the institution does or intends to share such information with a nonaffiliated third party, they must first provide the customer with the option to request an opt-out. If the customer elects to opt-out, the nonpublic information may not be shared with any nonaffiliated third parties except under certain circumstances.

3. Customer Defined:

A “customer” is a consumer who has a “customer relationship” with the institution. A “customer relationship” means a continuing relationship with the debt buyer or the “financial institution.”

4. Nonpublic Personal Information Defined:

Nonpublic personal information is defined as any personally identifiable financial information provided by the consumer to obtain a financial product; or resulting from transactions with that product; or information the “financial institution” obtains about the consumer in connection with that product (e.g., credit bureau information). For example: Social Security number; driver’s license numbers (in some states); place of employment or work telephone number; non-listed home phone; where the consumer banks; details about the particular account. Other examples of nonpublic personal information include: account balances; payment histories; transaction history; or any information that discloses that this individual has a financial relationship with the institution. This type of information is governed and restricted by the Gramm-Leach-Bliley Act.

5. Public Personal Information Defined:

Public personal information (or information which the “financial institution” reasonably believes is publicly available) can be disseminated without restriction under the Act and regulations; this type of information includes:

Motor vehicle ownership, drivers’ license information (in some states) and real estate ownership data, which have been, derived from public records; addresses and phone numbers from paper or electronic. Information obtained from any website which can be accessed by anyone without restriction (paying a fee for this information is not a restriction). Information about a debtor that is publicly available in court records (e.g., banks successfully garnished for a debtor; employers successfully garnished for a debtor; existence of a debtor’s Chapter 7 or Chapter 13 filings) are examples of “public personal information” not subject to this regulatory regime.

These “public” data can be exchanged with third parties without privacy notices because the data is not “nonpublic personal information.” HOWEVER, as a “debt collector” under the Fair Debt Collection Practices Act (“FDCPA”), there are other restrictions on disclosure of any data about a debtor and his/her debt that are NOT supplanted or superseded by the privacy regulations.

6. Privacy Notifications:

Privacy notifications will be provided on accounts where required by law.

7. Authorized Access to Customer Information:

Access to “customer” information is restricted to legitimate PFS business and is limited to only those employees’ that have a legitimate purpose. All unauthorized access to customer information is strictly prohibited.

8. Skip-Tracing:

The Act does not prohibit the sharing or transfer of “public personal information nor does it prohibit any lawful utilization of such information for legitimate business purposes. However, the Fair Debt Collection Practices Act is applicable to third party disclosures and inquiries.

9. Conformance with Applicable Industry Standards and “Certifications”:

PFS will adapt and comply with the security and operating Standards applicable to the asset recovery industry and required by PFS clients. Such Standards include, but are not limited to, the Payment Card Industry Data Security Standard (PCI-DSS), the ISO27001, the SSAE16 (SOC 1 or SOC 2), and the Gramm-Leach Bliley Act.

10. Information We Collect:

We may have collected the following categories of personal information from consumers within the last 12 months. Inclusion of a category indicates that we may collect some information in that category. It does not mean that we collect all information listed in that category in all situations.

Categories of Personal Information

Examples of Specific Types of Information Collected




A real name, alias, postal address, email address, telephone numbers, Internet Protocol address, account number, Social Security number, date of birth, or other similar identifiers.


Necessary to provide the services

Necessary to comply with a legal obligation

Necessary for our legitimate business interests

Prevent Fraud

Personal Information Categories

A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.


Necessary to provide the services

Necessary to comply with a legal obligation

Necessary for our legitimate business interests

Prevent Fraud

Protected classification characteristics

Age (40 years or older), veteran or military status


Necessary to provide the services

Necessary to comply with a legal obligation

Necessary for our legitimate business interests

Internet or other electronic network activity information

Information regarding a consumer’s interaction with an Internet Web site, application, or advertisement.


Necessary to provide the services

Necessary to comply with a legal obligation

Necessary for our legitimate business interests

Geolocation data

Physical location.


Necessary to provide the services

Necessary to comply with a legal obligation

Necessary for our legitimate business interests

Professional or employment-related information

Current or past job history.


Necessary to provide the services

Necessary to comply with a legal obligation

Necessary for our legitimate business interests

Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).

Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.


Necessary to provide the services

Necessary to comply with a legal obligation

Necessary for our legitimate business interests

California Residents - Sensitive Personal Information

Government-issued identifying numbers, such as a driver’s license, passport or social security number, financial account details that allow access to an account, such as a credit card number and access code


Necessary to provide the services

Maintain and service your account

Process Payments

Ensure security and integrity regarding the use of such personal information

Verify or maintain the safety and quality of the services

Necessary to comply with a legal obligation

Necessary for our legitimate business interests

Non-California Residents - Sensitive Personal Information

Genetic data, precise geolocation, race or ethnicity, religious or philosophical beliefs, union membership, contents of mail email or text messages, biometric data related to your unique identification.


Necessary to provide the services

Maintain and service your account

Process Payments

Ensure security and integrity regarding the use of such personal information

Verify or maintain the safety and quality of the services

Necessary to comply with a legal obligation

Necessary for our legitimate business interests

11. How We Use Your Information

PFS will only use your information if we have your permission or we have another legal reason for using it. These reasons may include:

If we need to pursue our legitimate business interests;

To create or carry outperform our services;

Ensure security and integrity to the extent personal information is reasonably necessary and proportionate to these purposes

Where required by law;

To verify or maintain the quality or safety of the services or account;

To establish, utilize or defend our legal rights.

For example, PFS may use your personal information for authentication purposes, to update your contact information and to process payments on your account. PFS will retain your personal data in line with its retention policy and will delete the information once it is no longer needed, after which it will be deleted or anonymized.

Personal information is collected solely for the purpose of account servicing in a lawful manner and remains part of our records until we determine the information is no longer needed, or we are required by law to delete such information. We will collect the minimum amount of data necessary to collect a debt.

Sensitive personal information is collected only as necessary to perform our services, process payments, maintain or service your account, to ensure security and integrity regarding the use of such personal information, and to verify or maintain the safety and quality of the Services. Sensitive personal information is not collected with the purpose of inferring characteristics about you. We do not collect “sensitive” personal information as that term is defined in certain states.

We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice. We do not sell and will not sell your personal information. We also do not “share” your personal information as that term is defined in the California Privacy Rights Act.

12. We do not sell and will not sell your personal information
13. How We Collect Your Information

PFS collects your personally identifiable information when you update your personal information on the website and when you make a payment, either by credit card or by check.

We collect most of this personal information directly from our clients for whom we provide services to, as well as from you by telephone, written correspondence through the mail, email or fax, by viewing public social media/network pages, or other information available online. However, we may also collect information:

From publicly accessible sources (e.g., property records or court records);

From your transactions with us;

From our service providers (e.g., letter vendor, location vendors, payment processing vendors, call analytics vendor, and/or electronic signature service provider);

Directly from a third party (e.g., third parties contacted during location activities pursuant to 15 U.S.C. §1692b, such as your friends, neighbors, relatives, and/or employer);

Consumer reporting agencies (CRAs)

From a third party with your consent (e.g., your authorized representative and/or attorney); and

From activity on our website.

14. How We Share Your Information

PFS does not disclose personal information it obtains about you, except as provided in this Privacy Policy. PFS may share personally identifiable information obtained on its website with financial institutions, such as banks, credit unions or clearing houses, as necessary to complete transaction that you request.

PFS may share personally identifiable information it collects with its employees who need to know that information to service your account. Except as provided below, PFS does not share or disclose any personally identifiable information to any company or marketing group external to PFS. PFS may share your personal information with third parties to the extent it is reasonably necessary to manage or service your account, verify employment, determine location, process payment, fulfill a transaction, provide customer service, or as otherwise authorized by law. Aggregated information may be derived from your personal data, but does not directly or indirectly reveal your identity.

Further, PFS may disclose personally identifiable information (i) to another entity with which PFS enters or reasonably may enter into a corporate transaction, such as, for example, a merger, consolidation, acquisition, or asset purchase, (ii) to a third party pursuant to a subpoena, court order, or other form of legal process or in response to a request by or on behalf of any local, state, federal, or other government agency, department, or body, whether or not pursuant to a subpoena, court order, or other form of legal process, or in connection with litigation brought against, or on behalf of, PFS, where appropriate, (iii) to a third party if determined by PFS in its sole judgment that such disclosure is appropriate to protect the life, health, or property of PFS or any other person or entity, all in compliance with applicable law, (iv) to third parties as authorized or designated by you, or (v) to conduct any other legitimate business activity not otherwise prohibited by law. The foregoing is not intended to obviate or displace any legal obligations or duties applicable to PFS.

Except as necessary for PFS to provide the services, information, or products requested by a website user, or except for the disclosures identified in the preceding paragraphs, the user may opt out of having his or her personally identifiable information, which has been voluntarily provided to PFS through or from its website, prospectively retained by PFS, used by PFS for secondary purposes, or disclosed by PFS to third parties.

E-mail posted or sent to PFS may not be secure against interception by unauthorized individuals. To protect against interception by unauthorized individuals, or because we cannot verify your identity, we may be unable to respond to e-mail requests concerning accounts placed for collection unless you have requested or authorized us to do so.

Sharing your information with Consumer Reporting Agencies

Consumer Reporting Agencies (CRAs) collect and maintain information on consumer and business credit profiles on behalf of organizations in the United States. We may may carry out periodic searches with them to verify your identity or manage your account.

PFS does not report any past due account to the Credit Reporting Agency. You have a right to obtain an annual copy of your credit file from CRAs by visiting

15. Hyperlinks (Third-party links)

The Website contains hyperlinks that allow you to leave the Website and go to the website of a third-party. PFS has no control over the services and/or websites of third parties that are linked to. The use of these services and/or websites of third parties may be subject to a different privacy statement and/or conditions. This privacy statement of PFS only relates to (personal) data obtained within the framework of the PFS performing services on the account or the Website. PFS does not accept any responsibility or liability for (the operation, content, and/or privacy practices of) services and/or websites of third parties. We suggest you review the privacy policies of any linked websites you visit.

16. How We Use Cookies

PFS may collect certain computer and browser information through automated technologies such as cookies and web beacons when you visit our website. Cookies are small pieces of (text) information that are sent to your browser when you visit the website to identify the browser or to store information or settings in the browser. They are then stored on the hard disk or in the memory of your equipment. The browser can send this information back on your next visit to the website. The cookies placed via the website cannot damage your equipment or the files stored on it. Web beacons (also known as internet tags, pixel tags, or clear GIFs) link web pages to web servers and their cookies may be used to transmit information collected back to a web server.

17. Your Choices

PFS offers you certain choices in connection with the personal data it collects from you, including:

Your PFS Account: You may review, update and correct your contact information, including your telephone number and email address, after logging in to the website, or by calling our office.

Your Choice to Decline Cookies: You may adjust your browser settings to decline cookies if you do not want to accept PFS' cookies. However, declining cookies may affect proper operation of PFS' website.

Your Payments: You can elect not to utilize the payment portal of PFS' website and not to make payments via credit card or check.

If you have any questions regarding any of these choices, please contact PFS.

Our Contact Address is:

PFS Group
2600 North Loop West, Suite 150
Houston, TX 77092

18. How Long We Keep Your Information

PFS will retain your personal data until we determine the information is no longer needed to fulfill the business or legal purposes described in this Privacy Notice, or as otherwise required for legal compliance purposes. Aggregated information may be maintained indefinitely as it does not directly or indirectly reveal your identity.

19. How We Protect Information

PFS has implemented physical, electronic, and procedural security safeguards to protect against the unauthorized release of or access to personal information. We employ internal and external system safeguards designed to protect confidentiality and security of personal information.

The confidentiality of any communication or material transmitted to or from PFS via the website or via e-mail cannot be, and is not, guaranteed. You acknowledge that the technical processing and transmission of the website’s content may be transferred unencrypted and involve: (a) transmissions over various networks; and (b) changes to confirm and adapt to technical requirements of connecting networks or devices.

We will collect the IP Address of all visitors to the PFS website for internal security and other proprietary purposes. We do not release this data outside of our corporate team nor utilize the data other than for internal purposes.

If any questions arise about security, please contact PFS using the information provided above.

20. Your Options

Request to access personal information — You may submit a verifiable request for access to your personal information that we collected about you, subject to certain exceptions. This may include the categories and specific pieces of information collected, the sources of that information and the business or commercial purpose for the collection or disclosure of that information.

Request correction of personal data we hold about you — This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

Request deletion of personal information - You may request that we delete your personal information, however, state and federal law may prohibit us from deleting personal information, which PFS will disclose to you. You may also request to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law.

Object to processing of your personal data — Where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms, you may object to processing of such data. You also may to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

Request restriction of processing of your personal data — This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

Request the transfer of your personal data to you or to a third party — We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

Withdraw consent at any time where we are relying on consent to process your personal data — However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

Automated decision making and profiling — 'Automated Decision Making' refers to credit decisions regarding consumer lending terms or conditions predicated solely on the creditor’s automated processing of personal data. This means credit decisions may be made by a creditor, for example, using software code or an algorithm which does not require human intervention. We do not extend credit or make credit decisions for any person and we do not use your personal data as part of any such automated decision making or profiling when servicing your account.

Non-discrimination — We will not discriminate against you if you exercise any of these rights.

Authorized agent — You can designate an authorized agent to make any of these requests by providing your express written authorization. We must be able to verify your identity and the authorization must include the authorized agent’s name, address, telephone number, and email address (for providing the personal information collected or to respond to a request for deletion).

If you wish to exercise any of these rights, please contact PFS by doing one of the following:

Submit via email to;

By mailing a request to:

PFS Group
2600 North Loop West, Suite 150
Houston, TX 77092

By phone at (713) 784-4410

If you choose to contact directly by [email/phone/in writing], you will need to provide us with:

Enough information to identify you [e.g., your full name, address and customer or matter reference number];

Proof of your identity and address (e.g., a copy of your driving license or passport and a recent utility or credit card bill); and

Describe your request with sufficient detail that allows us to properly understand, evaluate and respond to it.

We are not obligated to make a data access or data portability disclosure if we cannot verify that the person making the request is the person about whom we collected information, or is someone authorized to act on such person’s behalf. To prevent anyone other than you, or your authorized agent, from exercising the options to know or to delete with respect to your personal information, we follow procedures to verify your, or your agent’s, identity. These procedures seek to confirm that the person making a request is the person about whom we have collected personal information or that person’s authorized agent. The verification procedures involve matching data points that you provide with your request against information about you we already have in our records and that we have determined to be reliable for purposes of verifying your identity. We will use information you provide in your completed request form to verify your identity, and we may request additional information if necessary to complete the verification process.

21. Data Controller

PFS is the data controller and responsible for your personal data.

Questions, comments, and complaints about PFS’s data practices can be submitted to:

PFS Group
2600 North Loop West, Suite 150
Houston, TX 77092

Phone: (713) 784-4410

22. Links To Other Websites

Our website may contain links to enable you to visit other websites of interest easily. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide while visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

23. Privacy Notice Changes

PFS may change this Privacy Notice at any time. Notice of any new or revised Privacy Notice, as well as the location of the new or revised statement, will be posted on the website after the change. It is the obligation of users visiting the website before the change to learn of changes to the Privacy Notice since their last visit.

If there are material changes to the privacy statement or in how we will use your personal data, we will notify you by prominently posting a notice of such changes before they take effect or by directly sending you a notification.

Effective Date: November 15, 2023