Privacy Policy

Introduction

Relationship Counseling Center of California (“we,” “us,” “our,” or “RCCC”) is committed to protecting your privacy and maintaining the confidentiality of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at https://relationshipcounselingcenterofcalifornia.com/, use our services, or interact with us in any way.

As a mental health practice, we take your privacy seriously and comply with all applicable privacy laws, including the Health Insurance Portability and Accountability Act (HIPAA), the California Consumer Privacy Act (CCPA), and when applicable, the General Data Protection Regulation (GDPR).

By using our website or services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our website or services.

1. Information We Collect

We collect several types of information from and about users of our website and services. The information we collect falls into two main categories: information you provide to us directly and information we collect automatically.

1.1 Information You Provide Directly

1.2 Information We Collect Automatically

When you visit our website, we automatically collect certain information about your device and how you interact with our site:

• Device Information: IP address, browser type and version, operating system, device type, unique device identifiers
• Usage Data: Pages viewed, time spent on pages, links clicked, referring website, search terms used
• Location Data: General geographic location based on IP address (city/state level, not precise location)
• Cookies and Tracking Technologies: Information collected through cookies, web beacons, and similar technologies (see Section 7 and our Cookie Policy for details)

2. How We Use Your Information

We use the information we collect for various purposes related to providing and improving our services:

2.1 To Provide and Manage Services

• Process appointment requests and schedule consultations
• Communicate with you about your appointments and services
• Provide therapy services and clinical care (for established patients)
• Process payments and manage billing
• Verify insurance coverage and submit claims
• Respond to your inquiries and provide customer support
• Send appointment reminders and follow-up communications

2.2 To Personalize Your Experience

• Customize website content and recommendations based on your interests
• Provide personalized therapy service recommendations based on quiz results
• Remember your preferences and settings
• Tailor our communications to your needs and interests

2.3 To Improve Our Website and Services

• Analyze how visitors use our website to improve functionality and user experience
• Conduct research and analytics to enhance our services
• Monitor and improve website performance and security
• Identify and fix technical issues
• Test new features and functionality

2.4 To Communicate With You

• Send informational emails about our services (if you’ve opted in)
• Provide newsletters and mental health resources (with your consent)
• Send administrative notifications about policy changes or service updates
• Respond to your questions, comments, and feedback

2.5 For Legal and Safety Purposes

• Comply with legal obligations and regulatory requirements
• Protect the rights, property, and safety of RCCC, our clients, and others
• Enforce our terms of service and policies
• Prevent fraud and unauthorized access
• Respond to legal requests from law enforcement or government authorities

3. HIPAA and Protected Health Information

As a covered healthcare provider, Relationship Counseling Center of California complies with the Health Insurance Portability and Accountability Act (HIPAA) and its implementing regulations.

3.1 What Is Protected Health Information (PHI)?

Protected Health Information (PHI) is individually identifiable health information that we create, receive, maintain, or transmit in the course of providing healthcare services to you. This includes:

• Information about your mental health condition, diagnosis, or treatment
• Clinical notes and therapy session records
• Treatment plans and progress notes
• Prescriptions and medication information
• Insurance and billing information related to healthcare services
• Any other health information that can be linked to you individually

3.2 How We Protect PHI

We maintain strict physical, technical, and administrative safeguards to protect your PHI:

• Electronic health records are stored on secure, encrypted servers
• Access to PHI is limited to authorized personnel who need it to perform their job duties
• All staff receive regular HIPAA training
• We use secure, HIPAA-compliant communication platforms for client interactions
• Physical records are stored in locked, access-controlled areas
• We regularly review and update our security practices

3.3 How We Use and Disclose PHI

We will use and disclose your PHI only as permitted or required by law. Common uses and disclosures include:

Uses and Disclosures With Your Authorization:

• Treatment: Providing, coordinating, or managing your healthcare services
• Payment: Billing activities, claims processing, and payment collection
• Healthcare Operations: Quality improvement, training, and business operations

Uses and Disclosures Without Your Authorization (as permitted by law):

• When required by law (such as reporting child abuse or threats of serious harm)
• For public health activities
• In response to court orders or legal proceedings
• To law enforcement in specific circumstances required by law
• To prevent a serious threat to health or safety

3.4 Website Information vs. PHI

Important: Information you provide through our website (such as contact forms or quiz responses) before becoming an established patient is generally NOT considered PHI and is governed by this Privacy Policy rather than HIPAA. Once you become a patient and enter into a therapeutic relationship with us, information related to your care becomes PHI and is protected under HIPAA.

4. Information Sharing and Disclosure

We do not sell your personal information to third parties. We may share your information only in the following limited circumstances:

4.1 Service Providers

We may share information with trusted third-party service providers who perform services on our behalf, such as:

• Technology Providers: Website hosting, email services, customer relationship management (CRM) systems
• Payment Processors: Secure payment processing and billing services
• Analytics Providers: Google Analytics and other analytics services (see Section 8)
• Communication Tools: Appointment scheduling systems, secure messaging platforms

These service providers are contractually obligated to protect your information and may only use it for the specific purposes we authorize. Service providers handling PHI sign Business Associate Agreements as required by HIPAA.

4.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid legal requests, including:

• Court orders, subpoenas, or other legal processes
• Requests from law enforcement or government authorities
• To comply with applicable laws and regulations
• To protect our legal rights and defend against legal claims

4.3 Emergency Situations

We may disclose information when we believe it is necessary to:

• Prevent imminent harm to you or others
• Report suspected abuse or neglect as required by law
• Comply with mandatory reporting requirements

4.4 Business Transfers

If RCCC is involved in a merger, acquisition, sale of assets, or other business transaction, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our website before your information becomes subject to a different privacy policy.

4.5 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so, such as:

• Sharing information with other healthcare providers involved in your care
• Providing information to family members you’ve authorized
• Participating in research studies (with your explicit consent)

5. Data Security

We implement comprehensive security measures to protect your personal information and PHI from unauthorized access, use, disclosure, alteration, or destruction.

5.1 Technical Safeguards

• Encryption: We use industry-standard SSL/TLS encryption for data transmitted over the internet
• Secure Servers: Data is stored on secure servers with encryption at rest
• Access Controls: Multi-factor authentication and role-based access restrictions
• Firewalls: Network firewalls to prevent unauthorized access
• Regular Updates: Security patches and software updates are applied promptly
• Monitoring: Continuous monitoring for security threats and suspicious activity

5.2 Administrative Safeguards

• Regular HIPAA and privacy training for all staff
• Written policies and procedures for handling personal information and PHI
• Regular risk assessments and security audits
• Incident response plans for data breaches
• Background checks for employees with access to sensitive information
• Confidentiality agreements signed by all staff and contractors

5.3 Physical Safeguards

• Secure, locked facilities with controlled access
• Physical records stored in locked file cabinets
• Secure disposal of physical documents (shredding)
• Video monitoring of sensitive areas
• Visitor logs and access controls

5.4 Data Breach Notification

In the unlikely event of a data breach involving your personal information or PHI, we will:

• Notify affected individuals without unreasonable delay as required by law
• Notify appropriate regulatory authorities (such as the HHS Office for Civil Rights for HIPAA breaches)
• Take steps to mitigate harm and prevent future breaches
• Provide information about what happened and what you can do to protect yourself

6. Your Privacy Rights

You have certain rights regarding your personal information. The specific rights available to you may depend on your location and applicable laws.

6.1 Rights Under California Law (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act:

• Right to Know: You can request information about the personal information we have collected about you, including categories of information, sources, purposes, and third parties we share it with
• Right to Access: You can request a copy of the specific personal information we have collected about you
• Right to Delete: You can request that we delete your personal information (subject to certain exceptions)
• Right to Opt-Out: You can opt out of the sale of personal information (Note: We do not sell personal information)
• Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your CCPA rights
• Right to Correct: You can request correction of inaccurate personal information

How to Exercise Your Rights: To exercise any of these rights, please contact us using the information in Section 13. We will respond to your request within 45 days. You may designate an authorized agent to make requests on your behalf.

6.2 Rights Under European Law (GDPR)

If you are located in the European Economic Area or United Kingdom, you have additional rights under the General Data Protection Regulation:

• Right of Access: You can obtain confirmation of whether we process your personal data and access that data
• Right to Rectification: You can request correction of inaccurate personal data
• Right to Erasure: You can request deletion of your personal data (subject to legal exceptions)
• Right to Restriction: You can request that we restrict processing of your personal data
• Right to Data Portability: You can receive your personal data in a structured, commonly used format
• Right to Object: You can object to processing of your personal data for certain purposes
• Right to Withdraw Consent: Where processing is based on consent, you can withdraw that consent at any time
• Right to Lodge a Complaint: You can file a complaint with a supervisory authority

6.3 General Privacy Rights (All Users)

Regardless of your location, you have the following rights:

• Right to Update Information: You can update or correct your contact information at any time
• Right to Opt-Out of Marketing: You can unsubscribe from marketing communications
• Right to Control Cookies: You can manage cookies through your browser settings (see Section 7)
• Right to Ask Questions: You can contact us with questions about our privacy practices

6.4 HIPAA Rights (Patients)

If you are an established patient, you have additional rights under HIPAA regarding your Protected Health Information. Please see Section 3.3 and request our Notice of Privacy Practices for complete details.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect information about your browsing activities and improve your experience on our website.

7.1 What Are Cookies?

Cookies are small text files placed on your device when you visit our website. They help us remember your preferences, understand how you use our site, and provide functionality.

7.2 Types of Cookies We Use

• Essential Cookies: Necessary for website functionality (session management, security)
• Analytics Cookies: Help us understand website usage and performance (Google Analytics)
• Functional Cookies: Remember your preferences and enable features (quiz progress, settings)

7.3 Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to:

• View and delete cookies
• Block cookies from specific sites
• Block third-party cookies
• Clear cookies when closing your browser

Please note that blocking or deleting cookies may affect website functionality.

8. Third-Party Services

We use various third-party services to operate our website and provide services. These third parties may collect information about you as described below.

8.1 Google Analytics

We use Google Analytics to analyze website traffic and understand how visitors use our site. Google Analytics collects information anonymously and reports website trends without identifying individual visitors.

Google Analytics uses cookies to collect information such as:

• How long you spend on our site
• Which pages you visit
• How you arrived at our site
• Your general geographic location
• Your device and browser type

To opt out of Google Analytics tracking, you can install the Google Analytics Opt-out Browser Add-on.

8.2 Google Search Console

We use Google Search Console to monitor and maintain our website’s presence in Google search results. This service helps us understand how people find our website and identify technical issues.

8.3 Quiz and Assessment Tools

We use third-party quiz and assessment tools to help visitors determine which therapy services may be appropriate for their needs. These tools may:

• Collect your responses to assessment questions
• Store your progress through multi-page assessments
• Use cookies to remember your responses
• Generate personalized recommendations based on your answers

Information collected through these tools is used solely to provide you with service recommendations and is not shared with third parties for marketing purposes.

8.4 Payment Processors

We use secure, PCI-compliant third-party payment processors to handle credit card transactions. We do not store complete credit card numbers on our servers. Payment processors have their own privacy policies governing their collection and use of your payment information.

8.5 Email Service Providers

We use email service providers to send communications (such as newsletters, appointment reminders, and service updates). These providers have access to certain contact information necessary to deliver emails on our behalf.

8.6 Electronic Health Records (EHR) Systems

For established patients, we use HIPAA-compliant electronic health records systems to maintain your clinical information. These systems are covered by Business Associate Agreements and are subject to strict security and privacy requirements.

9. Children’s Privacy

Protecting children’s privacy is important to us. Our website is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13 through our website.

9.1 Information Collection from Minors

While we provide therapy services to children and adolescents, information about minor clients is collected through parents or legal guardians, not directly through our website from minors.

9.2 Parental Rights

Parents and legal guardians have the right to:

• Review personal information we have collected about their minor child
• Request deletion of their child’s personal information
• Refuse to permit further collection of their child’s information
• Access their minor child’s therapy records (subject to state laws regarding adolescent confidentiality)

9.3 If We Learn of Information from Children Under 13

If we become aware that we have inadvertently collected personal information from a child under 13 without parental consent, we will take steps to delete that information as quickly as possible. If you believe your child has provided information to us, please contact us immediately.

9.4 Adolescent Confidentiality

For adolescent clients (typically ages 13-17), California and other state laws provide certain confidentiality rights. We balance these rights with parental involvement in accordance with applicable laws and ethical standards. For more information about adolescent confidentiality in therapy, please contact us directly.

10. Data Retention

We retain your information for different periods depending on the type of information and the purposes for which we use it.

10.1 Website Information

• Contact Form Submissions: Retained for up to 3 years after last contact unless you request deletion
• Newsletter Subscriptions: Retained until you unsubscribe
• Quiz Responses: Retained for 30 days unless you become a patient (then incorporated into records)
• Analytics Data: Retained according to Google Analytics’ retention settings (typically 26 months)
• Cookie Data: Varies by cookie type (see Cookie Policy for details)

10.2 Patient Health Records (PHI)

As required by law and professional standards, we retain patient therapy records for a minimum period after the last date of service:

• Adult Clients: Minimum 7 years after last date of service (California law requires 7 years)
• Minor Clients: Minimum 7 years after the client reaches age 18, or 7 years after last service, whichever is longer
• In some cases: Records may be retained longer if required by law or for legal defense purposes

10.3 Financial Records

• Billing and Payment Records: Retained for 7 years for tax and legal purposes
• Insurance Claims: Retained according to insurance requirements and applicable laws

10.4 Deletion and Disposal

When information is no longer needed:

• Electronic data is securely deleted using industry-standard methods
• Physical documents are shredded or destroyed in a secure manner
• We maintain documentation of records destruction as required by law

11. International Users

11.1 Data Transfer

Our services are primarily directed to individuals located in the United States, specifically in California. If you access our website from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers are located and our central database is operated.

The United States may have data protection laws that differ from those in your country. By using our website or services, you acknowledge that your information will be processed in the United States and consent to the transfer of your information to the United States.

11.2 European Economic Area (EEA) and United Kingdom

If you are located in the EEA or UK, we process your personal data in accordance with GDPR requirements. Your rights under GDPR are described in Section 6.2.

The legal basis for processing your personal data includes:

• Consent: Where you have given explicit consent for specific processing activities
• Contract: Where processing is necessary to provide services you have requested
• Legal Obligation: Where we must process data to comply with legal requirements
• Legitimate Interests: Where processing is necessary for our legitimate business interests (such as website analytics) and doesn’t override your rights

11.3 International Telehealth

We primarily serve clients located in California and do not routinely provide services to individuals outside the United States due to licensing and regulatory requirements. If you are located outside the United States and wish to receive services, please contact us to discuss whether we can accommodate your situation.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other operational reasons. When we make changes, we will update the “Last Updated” date at the top of this policy.

12.1 Notice of Material Changes

If we make material changes to this Privacy Policy that significantly affect how we collect, use, or disclose your personal information, we will provide additional notice by:

• Posting a prominent notice on our website
• Sending an email to registered users (if we have your email address)
• For established patients: Providing notice through our patient portal or other direct communication

12.2 Your Acceptance of Changes

Your continued use of our website or services after we post changes to this Privacy Policy constitutes your acceptance of those changes. If you do not agree with the changes, you should discontinue use of our website and services.

12.3 Review Regularly

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. The most current version will always be available on our website.