California Notice at Collection & Privacy Policy

Last Updated: June 6, 2024

Mindpath Health understands the importance of our obligation to protect the privacy of consumers’ personal information. This California Notice at Collection & Privacy Policy (“Notice”) is adopted to comply with the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the “CCPA”), and explains how Mindpath Health collects and uses information provided to us by consumers who access, use, or interact with our websites or other business applications. If you are a resident of California, this Notice, together with our Privacy Policy, applies to you.

We do not sell personal information we collect about consumers or share it with third parties for cross-context behavioral advertising. However, we do share personal information we collect from consumers with the following categories of third parties for Mindpath Health’s business or commercial purposes described below.

Personal Information Category Examples Categories of Third Parties to Whom Disclosed
Identifiers Real name, alias, postal address, email address, telephone number, username, Social Security number, driver’s license or state identification card number
  • IT, cloud and hosting service providers
  • Business application providers
  • Managed services providers
  • Insurance companies
Personal information of the types listed in the California Customer Records statute (Cal. Civ. Code § 1798.803(e)) Name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information or health insurance information.
  • IT, cloud and hosting service providers
  • Business application providers
  • Managed services providers
  • Payment processing vendors
Protected classification characteristics under state or federal law Race, ethnicity, national origin, sex, gender, sexual orientation, gender identity, age, disability or military status
  • IT, cloud and hosting service providers
  • Business application providers
  • Managed services providers
  • Insurance companies
Internet or other similar network activity IP addresses, access logs, browsing history, search history, and usage history with respect to business applications or systems
  • IT, cloud and hosting service providers
  • Business application providers
  • Managed services providers
Geolocation data Physical location (based on IP address), including City, State, Zip, Country
  • IT, cloud and hosting service providers
  • Business application providers
  • Managed services providers
Inferences drawn from other personal information Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities or aptitudes
  • IT, cloud and hosting service providers
  • Business application providers
  • Managed services providers

How We Collect Your Information

Mindpath Health collects the above-identified categories of personal information from the following sources:

  • Direct collection: We collect information directly from you when you choose to provide it to us by requesting information, completing a form via our websites or other business applications, submitting feedback to us or otherwise directly providing the information to us.
  • Third parties: We collect information about you from third parties who perform certain services or functions on our behalf and to whom you directly provide information (such as when you schedule an appointment with us).
  • Indirect and technology-based collection: We also collect certain information from you indirectly when you access our websites or other business applications or use our online scheduling tool. We collect certain identifiers (such as IP addresses) and internet and similar network activity (such as website usage data) from you indirectly using cookies, pixels, and passive tracking technologies.

Sensitive Personal Information

Mindpath Health does not collect “sensitive personal information” (as defined by the CCPA) for the purposes of inferring characteristics about California consumers. Accordingly, Mindpath Health treats any such information as “personal information” consistent with applicable provisions of the CCPA.

Use of Personal Information

We collect and use your personal information for the following business or commercial purposes, consistent with and only as permitted by applicable law:

  • To provide you with the information or services you request;
  • To communicate with you and respond to your inquiries about our services, including to provide you with informational communications and investigate any concerns you have about our services or your experience;
  • To complete transactions, process your payments and manage the transaction process;
  • To administer surveys;
  • To manage our business relationships;
  • To provide marketing and advertising communications;
  • To enhance and maintain our websites and other business applications in order to optimize your experience;
  • To perform other functions as otherwise described to you at the time of collection or to which you otherwise consent; and
  • For any other lawful, legitimate business purpose.

Disclosure of Personal Information

As indicated above, we may disclose some of your personal information with third-party service providers and vendors as necessary for our business purposes. For example, we may disclose your information:

  • With our service providers who perform certain services or functions on our behalf (for example, we may share your information with a hosting service provider who hosts one of our websites that you have visited);
  • In accordance with your consent or direction, as permitted by law;
  • As required to comply with applicable laws;
  • To respond to claims or comply with legal process served on Mindpath Health;
  • To enforce or apply our policies or agreements;
  • To protect and defend our and others’ rights and property (including intellectual property rights); and
  • In connection with a business transaction.

Sale or Sharing of Personal Information

In the past 12 months, Mindpath Health has not “sold” any categories of personal information, or “shared” any such information for the purposes of cross-context behavioral advertising. Likewise, Mindpath Health does not have actual knowledge of any sales or sharing of personal information regarding minors under 16 years of age.

Applicable Retention Periods

For each category of personal information identified above, Mindpath Health will retain such information only for as long as necessary to fulfill your requests or the purposes for which it was obtained, as set forth in this Notice. The criteria used to determine our retention periods include (i) for as long as we have an ongoing relationship with you, (ii) as required by a legal obligation to which we are subject, and (iii) as necessary to resolve any disputes or enforce our legal agreements with you.

Your Rights Under the CCPA

The CCPA provides California residents with the rights discussed below. For convenience, and as required by the CCPA, we explain how you can exercise those rights, to the extent they are applicable.

  1. Right to Request Information. You have the right to request that we disclose certain information about our collection and use of your personal information during the past 12 months. Specifically, you may request that we disclose:

    • The categories of personal information we collected about you;
    • The categories of sources for the personal information we collected about you;
    • The business and commercial purposes for collecting your personal information;
    • The categories of third parties to whom we disclose your personal information;
    • The specific pieces of personal information we collected about you; and
    • If we disclosed your personal information for a business purpose, the categories of personal information received by each category of third party.
  2. Right to Data Portability. You have the right to request that we provide copies of the specific pieces of personal information we collected about you. If a verifiable consumer request is made, and subject to any exceptions or limitations under the CCPA, we will take steps to deliver the personal information to you either by mail or electronically. If we provide the information to you electronically, it will be in a portable and readily useable format, to the extent technically feasible. Consistent with the CCPA and our interest in the security of your personal information, we will describe but may not provide copies of certain personal information we may receive from you (e.g., driver’s license number, other government-issued identification number, financial account number, health or medical identification number, account password, or security questions or answers) in response to a CCPA request, to the extent any of those items are in our possession.
  3. Right to Request Deletion. You have the right to request that we delete personal information we collected from you, subject to any exceptions or limitations under the CCPA.
  4. Right to Correct Inaccurate Information. If we maintain inaccurate personal information about you, you have the right to request that we correct that inaccurate personal information, taking into account the nature of the personal information and the purposes of the processing of the personal information.
  5. Right to Opt-Out. Consumers in California have the right to opt-out of (a) the sale of personal information, or (b) the sharing of their personal information for the purposes of cross-context behavioral advertising (as defined in the CCPA). Because Mindpath Health does not “sell” or “share” personal information, these rights are not available.

Exercising Your Rights

To exercise the rights described above, you—or someone authorized to act on your behalf—must submit a verifiable consumer request to us by sending an e-mail to [email protected]. Your request must include your name, e-mail address, mailing address, phone number, and the specific requests you are making. If you are an agent submitting a request on behalf of a consumer, we may request that you submit a signed authorization from the consumer authorizing you to make the request. In order to protect the privacy and data security of consumers, the verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative of such consumer; and
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

As indicated above, please be aware that the CCPA provides certain limitations and exceptions to the foregoing rights, which may result in us denying or limiting our response to your request. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request. We may also request that you provide additional information if needed to verify your identity or authority to make the request. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you or the consumer on whose behalf you are making the request.

Response Timing and Format

The CCPA requires us to respond to a verifiable consumer request within 45 days of its receipt; however, we may extend that period by an additional 45 days. If we require more time, we will inform you of the reason and extension period in writing. We will deliver our written response via e-mail or mail. Any disclosures we provide will only cover the 12-month period preceding the receipt of the verifiable consumer request, provided that you may request disclosure beyond the 12-month period as permitted by the CCPA. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select the format of our response; the format will be readily useable and should allow you to transmit the information from one entity to another. We will not charge a fee to process or respond to a verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing the request.

Our Commitment Not to Discriminate

We will not discriminate or retaliate against a California consumer for exercising their rights under the CCPA, including by denying you services that we make available, charging you different prices or rates for services, providing a different level or quality of services, or suggesting that you may receive a different price or level of quality of services.

Changes to this Notice

We reserve the right to amend this Notice at our discretion and at any time. If there are changes to this Notice, we will post them here and update the “Last Updated” date at the top of this document. Continued use of Mindpath Health’s websites and other business applications after any changes is deemed to be an acceptance of those changes. Please check this page periodically for updates.

Privacy Policies

To view Mindpath Health’s complete privacy policy, visit https://www.mindpath.com/about/privacy-policy/. For information about how Mindpath Health uses and discloses your protected health information, including information that is provided through our patient portals, please review our Notice of Privacy Practices.

Contact Information

Questions regarding this Notice should be directed to [email protected].