Telehealth available seven days a week
Legal & privacy

Privacy Policy

How we collect, use, and protect personal information on this site, and the specific rights California residents have under the CCPA and CPRA.

Effective date: 2026-05-03 · Last updated: 2026-05-03

0. Introduction and scope

This Privacy Policy ("Policy") describes how Pasadena Clinical Group, together with its owners, principals, members, officers, supervising clinicians, employees, independent contractors, associates, students, trainees, interns, practicum students, externs, postdoctoral fellows, volunteers, and affiliates (collectively, the "Practice," "we," "us," or "our"), collects, uses, discloses, secures, and retains personal information that is gathered through this website (the "Site") and through general non-clinical business interactions (e.g., contact-form submissions, practicum applications, billing inquiries, marketing communications).

Scope. This Policy applies to non-clinical personal information only. Information that is collected, used, or disclosed in the course of your clinical care — protected health information (PHI) under the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA, 45 C.F.R. Parts 160, 162, and 164), the HITECH Act (42 U.S.C. §17921 et seq.), the California Confidentiality of Medical Information Act (CMIA, Cal. Civ. Code §56 et seq.), the Lanterman-Petris-Short Act (Welf. & Inst. Code §5328 et seq.), and 42 C.F.R. Part 2 (substance-use-disorder records) — is governed by our Notice of Privacy Practices and not by this Policy. Where any conflict exists between this Policy and the Notice of Privacy Practices for clinical information, the Notice of Privacy Practices, HIPAA, CMIA, and any other applicable health-information law shall govern.

By using the Site you signify your acceptance of this Policy. If you do not agree, please discontinue use of the Site.

1. Information we collect

We collect personal information from three sources: (a) directly from you when you submit a contact form, practicum or career application, intake inquiry, payment, or other communication; (b) automatically when you browse the Site, through server logs, cookies, pixels, web beacons, local storage, and similar technologies (only categories beyond strictly-necessary load if you have consented through the banner); and (c) from third-party service providers acting on our behalf (hosting, analytics, security, form processing, payment processing) and from publicly available sources.

Categories of personal information, by California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA, Cal. Civ. Code §1798.100 et seq.) category:

  • Identifiers — name, alias, postal address, email, phone, IP address, account or online identifier.
  • Customer-record information (Cal. Civ. Code §1798.80) — billing address, insurance carrier and member ID (for billing only), signature, payment-card information (handled by our PCI-DSS-compliant processor and not stored by us).
  • Protected classifications — only as voluntarily provided in a practicum or career application (e.g., language, status as a veteran), used solely for the lawful purpose of evaluating the application.
  • Commercial information — services inquired about, communication preferences.
  • Internet or other electronic network activity — browsing actions, referring URLs, pages viewed, time on page, device, browser, operating system, screen size, and similar diagnostic data.
  • Geolocation data — approximate, city-level location derived from IP. We do not collect precise GPS location through the Site.
  • Audio, electronic, or visual information — only if you voluntarily submit it (e.g., a video link with a practicum application). Telephone calls to the Practice may be subject to call-recording disclosures under California Penal Code §632; if a call is recorded, we will tell you at the start.
  • Professional or employment-related information — for practicum or career applicants only (program, training year, CV, references).
  • Education information — for practicum or career applicants only, subject to the federal Family Educational Rights and Privacy Act (FERPA, 20 U.S.C. §1232g) where applicable.
  • Inferences — limited inferences derived from the above, used only to operate the Site and respond to inquiries.
  • Sensitive personal information (Cal. Civ. Code §1798.140(ae)) — collected only to the extent you voluntarily submit it (e.g., a category in a practicum application). We do not collect health, mental-health, or biometric information through the Site for advertising or profiling purposes. Clinical health information is handled exclusively under HIPAA/CMIA, not this Policy.

We do not knowingly collect Social Security Numbers, driver's-license numbers, financial-account numbers, precise geolocation, biometric data, race or ethnicity (except as voluntarily disclosed by an applicant), citizenship or immigration status, or contents of mail, email, or text messages through the public Site.

2. Sources of personal information

Personal information is obtained from (a) you directly; (b) automated tracking on the Site (with consent for non-necessary categories); (c) our service providers and contractors operating on our behalf; (d) social-media platforms when you interact with our official handles; and (e) publicly available sources, including professional directories, when relevant to a practicum or career application.

3. How we use personal information (purposes of processing)

We use personal information for the following business and commercial purposes, each consistent with the disclosure obligations of CCPA/CPRA:

  • To respond to your inquiry, request a callback, or provide information you requested.
  • To schedule appointments, verify insurance benefits, process payments, and bill for services (see Good Faith Estimate).
  • To process and evaluate applications for clinical care, practicum, externship, postdoctoral fellowship, or employment.
  • To communicate about your care, our services, scheduling, billing, intake logistics, satisfaction surveys (post-discharge), or material changes to our policies.
  • To comply with applicable law, regulation, court order, subpoena, or government request, including mandated reporting obligations described in our Notice of Privacy Practices and Treatment Consent.
  • To detect, prevent, and respond to fraud, abuse, security incidents, malicious or illegal activity, denial-of-service or other cyberattack, or violations of our Terms & Conditions; and to defend or assert legal claims.
  • To exercise or protect the rights, property, life, or safety of the Practice, our patients, our personnel, or the public.
  • To maintain, improve, and secure the Site, including diagnostic logging and analytics conducted on a privacy-respecting, aggregated basis.
  • For any short-term, transient use, debugging, internal research, and quality improvement permitted under CCPA/CPRA.
  • For non-clinical marketing (e.g., open-house announcements, newsletter) only with your express opt-in.

Lawful bases under non-California laws. Where another jurisdiction's laws apply (e.g., the EU/UK General Data Protection Regulation), the lawful bases on which we rely are: performance of a contract; compliance with a legal obligation; pursuit of legitimate interests in operating and securing the Site, defending claims, and conducting our business; and your consent (which you may withdraw at any time without affecting the lawfulness of prior processing).

4. Disclosures of personal information

We disclose personal information to the following categories of recipients, only as necessary to fulfill the purposes above and under written contracts that obligate them to protect the information:

  • Service providers and contractors — hosting, security, content delivery, analytics (only if consented), form processing, email transmission, payment processing, e-signature platforms, electronic-health-record vendors, billing vendors, identity-verification vendors, and similar providers, all under contracts that comply with CCPA/CPRA §1798.140(ag) and (j) and, where applicable, HIPAA Business Associate Agreements (45 C.F.R. §164.504(e)).
  • Professional advisers — attorneys, auditors, insurers, brokers, accountants, and consultants under duties of confidentiality.
  • Successors — in connection with a merger, acquisition, financing, reorganization, or sale of all or substantially all of our assets, subject to confidentiality and continued protection consistent with this Policy.
  • Government, regulatory, and law-enforcement authorities — when required by law, in response to a subpoena, court order, or warrant, or as needed to enforce our rights, prevent fraud, or protect any person.
  • Other parties with your consent — including any party you direct us to share with.

"Sale" and "sharing" of personal information (CCPA/CPRA). We do not sell personal information for monetary consideration. We do not "share" personal information for cross-context behavioral advertising in the CCPA/CPRA sense unless you have given affirmative consent through our cookie banner; if so, you may revoke that consent at any time. We also honor browser-based Global Privacy Control (GPC) signals as opt-out preference signals where applicable.

5. Cookies, pixels, and analytics

The Site uses cookies and similar tracking technologies, organized into four categories: Strictly Necessary (always on, required for the Site to load), Performance/Analytics (off by default), Functionality (off by default), and Marketing (off by default). For details, see the Cookie Policy. You can change your choices any time through the Cookie Preferences link or the "Do Not Sell or Share My Personal Information" link.

6. Your California privacy rights (CCPA/CPRA)

If you are a California resident, you have the following rights with respect to personal information we hold about you. These rights are subject to the verification and exception provisions of the CCPA/CPRA.

  • Right to know the categories and specific pieces of personal information we have collected, the sources, the business or commercial purposes, the categories of third parties to whom we have disclosed it, and the categories of third parties with whom we have shared it for cross-context behavioral advertising (none, unless you have consented).
  • Right to delete personal information we have collected from you, subject to lawful exceptions (e.g., retention required to complete a transaction; retention for healthcare, billing, fraud prevention, security, or legal compliance; protected free-speech rights; internal lawful uses reasonably aligned with your expectations).
  • Right to correct inaccurate personal information.
  • Right to opt out of sale or sharing for cross-context behavioral advertising. As stated, we do not sell. To opt out of any sharing for advertising at any time, use the "Do Not Sell or Share My Personal Information" link in our footer or send a request to office@pasadenaclinicalgroup.com.
  • Right to limit use and disclosure of sensitive personal information.
  • Right to data portability — to receive a copy of your personal information in a portable, readily usable format.
  • Right to non-discrimination — we will not deny services, charge different prices, or provide a lesser service for exercising any of these rights.

How to exercise. Submit a request by email to office@pasadenaclinicalgroup.com (subject line: "Privacy Request"), by phone at (626) 354-6440, or by mail to Pasadena Clinical Group, Attn: Privacy Officer, 301 N. Lake Ave, STE 600, Pasadena, CA 91101. We will acknowledge within ten (10) business days and respond substantively within forty-five (45) calendar days (extendable by a further forty-five (45) days with notice). We will verify your identity using information already in our records before processing. You may also designate an authorized agent in writing to make a request; we will require the agent's authorization and may verify your identity directly.

Right to appeal. If we decline a request, you may appeal by replying to our response within thirty (30) days. We will respond to the appeal within forty-five (45) days. If you remain dissatisfied, you may contact the California Attorney General (oag.ca.gov) or the California Privacy Protection Agency (cppa.ca.gov).

7. Other state privacy rights

If you reside in another U.S. state with a comprehensive privacy law (including, without limitation, Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, New Hampshire, New Jersey, Delaware, Iowa, Tennessee, Indiana), you may have rights similar to those described in Section 6 — including the right to access, correct, delete, port, and opt out of targeted advertising and certain "sales." Use the same channels in Section 6 to exercise these rights, and we will respond consistent with the law applicable to your residence.

8. Children's privacy

The Site is not directed to children under thirteen (13) within the meaning of the federal Children's Online Privacy Protection Act (COPPA, 15 U.S.C. §6501 et seq.), nor to consumers under sixteen (16) within the meaning of the CCPA/CPRA's heightened standard for opt-in to sale or sharing. We do not knowingly collect, sell, or share personal information of minors without verifiable parental consent (for those under thirteen) or affirmative opt-in (for those thirteen to fifteen). Parents who believe a minor has provided personal information through the Site should contact us; we will delete it promptly.

9. Data retention

We retain non-clinical website inquiry information for up to twenty-four (24) months from your last interaction unless a longer retention period is required by law (e.g., contract, billing, employment, defense of legal claims, regulatory recordkeeping). If we open a clinical record, that record is retained under California Code of Regulations and the California Business & Professions Code provisions applicable to mental-health practices — generally seven (7) years from the date of last service for adults, and for minors, until the patient reaches age eighteen plus seven years, or longer where required (see Treatment Consent). Server logs and security logs are retained for the period needed to detect and investigate incidents (typically up to twelve (12) months) and longer if required for an active investigation.

10. Information security

We implement reasonable administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, use, alteration, disclosure, or destruction, including HTTPS/TLS for all Site traffic, role-based access controls, secure hosting, vendor diligence, and routine system updates. Despite these safeguards, no method of transmission over the internet or electronic storage is one-hundred-percent secure, and the Practice cannot and does not guarantee absolute security. To the maximum extent permitted by law, you assume the risk of any transmission over public networks. In the unlikely event of a breach affecting personal information, we will notify affected California residents consistent with Cal. Civ. Code §1798.82 and any other applicable law (including, for PHI, the HIPAA Breach Notification Rule, 45 C.F.R. §§164.400–414).

11. International users

The Site is operated from the United States. If you access the Site from outside the United States, you understand that your personal information will be transferred to, stored in, and processed in the United States, where data-protection laws may differ from those in your country. By using the Site you consent to such transfer.

12. Do Not Track

Some browsers transmit "Do Not Track" signals. Because there is no industry consensus on response, we do not currently respond to DNT signals. We do honor the Global Privacy Control (GPC) signal as an opt-out-preference signal under CCPA/CPRA where applicable.

13. Third-party services

Pages on the Site may include links to or content from third-party services (e.g., maps, video, social-media, payment processors). Those services are governed by their own privacy policies, and we are not responsible for their data practices. Review their policies before using.

14. Sensitive personal information limits

We process sensitive personal information only for the limited purposes permitted under CCPA/CPRA §1798.121 — namely, to perform the services you have requested, prevent fraud, ensure security and integrity, resist malicious actors, conduct short-term transient use, ensure quality, and comply with law. We do not use sensitive personal information for inferring characteristics about you.

15. No-warranty / no-liability and dispute resolution

To the maximum extent permitted by law, the information collection and security measures described above are provided on an "as is" basis. The dispute-resolution provisions of our Terms & Conditions — including mandatory mediation, then binding individual arbitration in Los Angeles County, California, governed by the Federal Arbitration Act and the California Arbitration Act, with class-action and jury waivers — apply to any dispute arising out of or relating to this Policy, except to the extent inconsistent with non-waivable consumer protections under the CCPA/CPRA.

16. Changes to this Policy

We may update this Policy from time to time. The "Effective date" reflects the most recent revision. Material changes will be posted prominently on this page and, where appropriate, by direct notice. Your continued use of the Site after a revision constitutes acceptance.

Contact us about this Policy

Questions, requests, or complaints regarding this Policy can be directed to our Privacy Officer, Pasadena Clinical Group, 301 N. Lake Ave, STE 600, Pasadena, CA 91101, by phone at (626) 354-6440, or by email at office@pasadenaclinicalgroup.com.