Legal · Privacy Policy

Privacy Policy

Effective date: [TBD]. Last updated: [TBD]. Privacy questions: office@pasadenaclinicalgroup.com · 301 N. Lake Ave STE 600, Pasadena, CA 91101.

1. Introduction

Pasadena Clinical Group ("we," "us," "our," the "Practice") and the "Indemnified Parties" defined in our Terms & Conditions respect your privacy. This Privacy Policy describes how we collect, use, disclose, and protect personal information when you visit our website (best-couples-counseling.com, the "Site"), contact us through forms, or otherwise interact with our online presence. By using the Site you consent to this Privacy Policy and to our Terms & Conditions, including the mandatory mediation followed by binding individual arbitration in Section 11 of the Terms.

This Privacy Policy applies to information collected through the Site. Protected health information (PHI) collected in the course of providing therapy services is governed by our separate Notice of Privacy Practices (HIPAA), the California Medical Information Act (CMIA, Civil Code § 56 et seq.), the federal HIPAA Privacy Rule (45 C.F.R. Part 164, Subpart E), and the HIPAA Security Rule (45 C.F.R. Part 164, Subpart C).

This Privacy Policy is informed by, and we strive to comply with, the following frameworks where applicable: the California Consumer Privacy Act of 2018 ("CCPA," Civil Code § 1798.100 et seq.), the California Privacy Rights Act of 2020 ("CPRA"), the California Online Privacy Protection Act ("CalOPPA," Bus. & Prof. Code § 22575 et seq.), the California "Shine the Light" law (Civil Code § 1798.83), the California Data Breach Notification statute (Civil Code § 1798.82), the federal Children's Online Privacy Protection Act ("COPPA," 15 U.S.C. §§ 6501–6506; 16 C.F.R. Part 312), Section 5 of the Federal Trade Commission Act (15 U.S.C. § 45), and other applicable state and federal laws. Where a specific provision of this Policy conflicts with applicable law, the law governs.

2. Information we collect (CCPA/CPRA categories)

Under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), the categories of personal information we may collect include:

• Identifiers: name, email address, phone number, mailing address, IP address.
• Commercial information: services inquired about.
• Internet/network activity: browser type, pages visited, time spent, referring URL (collected automatically via cookies and analytics, only when you consent — see Cookie Policy).
• Geolocation: approximate location (city/region) inferred from IP address.
• Sensitive personal information (CPRA): health information you may include voluntarily in a contact-form message. We ask you not to include sensitive PHI in form messages.
• Inferences: none drawn from the categories above for profiling purposes.

3. Sources of information

Directly from you (forms, email, phone). Automatically (cookies, server logs). From service providers (e.g. hosting, analytics, when you've consented).

4. Business and commercial purposes for collection

To respond to your inquiries; to provide and improve the website; to comply with legal obligations; to protect the security of the Practice and our visitors; to coordinate care if you become a client (subject to our HIPAA NPP).

5. Sharing and disclosure

We disclose personal information only to: (a) service providers under contract who perform services for us (e.g. website hosting, analytics if consented); (b) professional advisors (legal, accounting); (c) authorities when required by law (subpoena, court order, mandated reports). We do not sell personal information. "Sale" and "sharing" under CCPA/CPRA are defined broadly; if you have accepted analytics or marketing cookies, certain third-party scripts may receive identifiers — we treat that as "sharing" and offer the opt-out below.

6. Your CCPA/CPRA rights

If you are a California resident, you have the following rights:

• Right to know what personal information we have collected, the sources, the purposes, and the categories of recipients.
• Right to delete personal information we have collected, subject to exceptions.
• Right to correct inaccurate personal information.
• Right to opt out of any "sale" or "sharing" of personal information. The footer "Do Not Sell or Share My Personal Information" link opens your cookie/preferences panel.
• Right to limit use of sensitive personal information. We do not use sensitive personal information for purposes beyond providing services.
• Right to non-discrimination for exercising your rights.
• Authorized agents: you may designate an agent to make a request; we will require verification.

To exercise your rights, contact us at office@pasadenaclinicalgroup.com or call (626) 354-6440. We will verify your identity and respond within statutory timelines (45 days, extendable by 45 more if necessary, with notice).

7. Cookies and tracking technologies

Our website uses cookies and similar technologies. See our Cookie Policy for full detail. We do not load non-essential cookies (analytics, marketing) before you grant consent. You can revoke or change consent at any time via the Cookie Preferences link in the footer.

8. Sensitive personal information

Health information is sensitive personal information under CPRA. We collect it only when you provide it directly (e.g. a contact-form message), and we do not use it for purposes other than responding to your inquiry or providing the services you've requested. Once you become a client, your health information is governed by our HIPAA NPP and CMIA.

9. Children's privacy

Our website is not directed to children under 13. We do not knowingly collect personal information from children under 13 (COPPA). California's heightened standard for minors under 16 also applies. If we learn we have collected such information, we will delete it.

10. Data retention

We retain website-collected personal information only as long as necessary for the purposes for which it was collected and to comply with legal obligations. Form submissions are retained for [TBD — typically 1–3 years] unless they become part of a clinical record, which is retained per California medical-records retention requirements (7 years from last date of service for adults; minor + 1 year past age of majority, whichever is later).

11. Security

We implement commercially reasonable administrative, physical, and technical safeguards designed to protect personal information against unauthorized access, use, alteration, disclosure, and destruction, consistent with the HIPAA Security Rule (45 C.F.R. § 164.302–.318), the FTC's data-security guidance, and California Civil Code § 1798.81.5. Measures include encryption of data in transit (TLS), access controls, employee training, vendor due diligence, and breach-response planning. No information system is 100% secure. We do not warrant or guarantee absolute security. In the event of a qualifying breach of unencrypted personal information, we will notify affected California residents and the California Attorney General as required by Civil Code § 1798.82, and will satisfy any additional notification obligations imposed by federal law (including the HITECH Breach Notification Rule, 45 C.F.R. §§ 164.400–.414, when PHI is involved).

12. International transfers

The Site is hosted in and operated from the United States. If we use service providers outside the United States, we use contractual and other appropriate safeguards consistent with applicable law. By using the Site from outside the United States, you consent to the transfer of your information to, and processing in, the United States, where data-protection laws may differ from those in your jurisdiction.

13. Limitation of liability and dispute resolution

Use of the Site is subject to the limitation of liability, indemnification, and mandatory mediation → binding individual arbitration provisions of our Terms & Conditions (Sections 9, 10, and 11), including the class-action and jury-trial waivers therein. Privacy-related disputes (other than those that cannot lawfully be arbitrated, including statutory administrative complaints to the California Attorney General, the California Privacy Protection Agency, or the U.S. Department of Health and Human Services Office for Civil Rights) are governed by those provisions. To the maximum extent permitted by law, neither the Practice nor any other Indemnified Party is liable for any indirect, incidental, consequential, special, exemplary, or punitive damages arising out of or relating to this Privacy Policy or any actual or alleged breach of personal information not caused by the Practice's gross negligence or willful misconduct.

14. Changes to this Policy

We may update this Privacy Policy from time to time. The effective date at the top will reflect the most recent revision. We will provide notice of material changes through the Site and, where required by law, by other reasonable means. Continued use of the Site after the effective date constitutes acceptance of the revised Policy.

15. Filing a complaint

If you believe your privacy rights have been violated, you may contact us at the address below, file a complaint with the California Attorney General's Office (oag.ca.gov/privacy) or the California Privacy Protection Agency (cppa.ca.gov), and, where PHI is involved, the U.S. Department of Health and Human Services Office for Civil Rights (hhs.gov/hipaa/filing-a-complaint). We will not retaliate against you for exercising your privacy rights.

16. Contact

Privacy questions or rights requests: office@pasadenaclinicalgroup.com · (626) 354-6440 · 301 N. Lake Ave STE 600, Pasadena, CA 91101 (attn: Privacy).