PRIVACY POLICY
Last Updated on: January 18, 2024
Resilient Recovery Treatment Center, Inc. and its affiliates (“Resilient Recovery” “we,” or “us”) owns and operates this website (the “Platform“). Your access and use of the Platform, any part thereof, or anything associated therewith, including its content (“Content”), any products or services provided through the Platform or otherwise by Resilient Recovery, and any affiliated website, software or application owned or operated by Resilient Recovery (collectively, including the Platform and the Content, the “Service”) are subject to this Privacy Policy unless specifically stated otherwise. Capitalized terms not otherwise defined in this Privacy Policy have the same meaning as set forth in the Resilient Recovery Terms of Service (“Terms of Service”).
We are committed to respecting the privacy of users of the Service. We created this Privacy Policy (the “Privacy Policy”) to tell you how Resilient Recovery collects, uses and discloses information in order to provide you with the Service.
As with our Terms of Service, by creating, registering, or logging into an account through the Service, or otherwise accessing or using the Service, you are automatically accepting and acknowledging the most recent version of this Privacy Policy. If we make any changes to our Privacy Policy, we will post the revised Privacy Policy and update the “Last updated” date of the Privacy Policy.
If you are using the Service on behalf of an individual other than yourself, you represent that you are authorized by such individual to act on such individual’s behalf and that such individual acknowledges the practices and policies outlined in this Privacy Policy.
Please read this Privacy Notice carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our Website. By accessing or using this Website, you agree to this Privacy Notice. This Privacy Notice may change from time to time. Your continued use of this Website after we make changes is deemed to be acceptance of those changes, so please check this Privacy Notice periodically for updates. Any Privacy Notice will be effective for all PHI, as defined herein below, that we maintain at that time. Please note that a copy of this Privacy Notice may also be obtained in person at our facility and by request by contacting us at please contact us via email at [email protected]
1. Limitations on Use by Minors
Our Service is generally intended for use by individuals who are at least eighteen (18) years of age or such older age as may be required by applicable state laws in the jurisdiction in which an individual utilizes the Service. Individuals who are between the ages of thirteen (13) and eighteen (18) (or such older age of majority) may use the Service only if a parent or legal guardian provides consent to such use in accordance with the requirements set forth in our Terms of Service and the Service. The Service is not designed or intended to attract, and is not directed to, children under thirteen (13) years of age. If we obtain actual knowledge that we have collected personal information through the Platform from a person under thirteen (13) years of age, we will use reasonable efforts to refrain from further using such personal information or maintaining it in retrievable form.
If you believe we might have any information directly from a child under 13, please contact us at (844) BESOBER (237-6237), or through via email at [email protected].
Please note that we are not required to erase or otherwise eliminate, or enable erasure or elimination of such content or information in certain circumstances, such as, for example, when an international, federal, state, or local law, rule or regulation requires Resilient Recovery to maintain the content or information; when Resilient Recovery maintains the content or information on behalf of your Providers (as defined in our Terms of Service) as part of your electronic medical record; when the content or information is stored on or posted to the Site by a third party other than you (including any content or information posted by you that was stored, republished or reposted by the third party); when Resilient Recovery anonymizes the content or information, so that you cannot be individually identified; when you do not follow the aforementioned instructions for requesting the removal of the content or information; and when you have received compensation or other consideration for providing the content or information.
The foregoing is a description of Resilient Recovery’s voluntary practices concerning the collection of personal information through the Service from certain minors and is not intended to be an admission that Resilient Recovery is subject to the Children’s Online Privacy Protection Act, the Federal Trade Commission’s Children’s Online Privacy Protection Rule(s), or any similar international, federal, state, or local laws, rules, or regulations.
2. Confidentiality of Alcohol and Drug Abuse Records
Any alcohol and drug abuse records that are maintained by Resilient Recovery are protected by all applicable federal and state laws and regulations. Generally, if you are a Resilient Recovery Patient, we will not inform any individual outside of Resilient Recovery’s center and its staff members that you are a Resilient Recovery patient, or disclose any information identifying you as an alcohol or drug abuser unless:
- Consent is obtained from you in writing;
- The disclosure is allowed or required by a court order or applicable law; or
- The disclosure is made to medical personnel in a medical emergency or to qualified personnel for research, audit, or program evaluation.
If you suspect that Resilient Recovery is violating any federal or state law and regulations, you may report such violation to the appropriate authorities in accordance with federal and state laws and regulations.
Please note that federal and state laws and regulations do not protect any information about a crime committed by you either at Resilient Recovery or against any person who works for Resilient Recovery or about any threat to commit such a crime. Federal and state laws and regulations also do not protect any information about suspected child abuse or neglect from being reported under to appropriate federal, state, or local authorities.
Please note that all of the foregoing are discussed further in Section 3 below in Uses and Disclosures of PHI.
3. Protected Health Information
When you set up an account with Resilient Recovery, you are creating a direct customer relationship with Resilient Recovery that enables you to access and/or utilize the various functions of the Platform and the Service as a user. As part of that relationship, you may provide information to Resilient Recovery that is not considered to be “protected health information” or “medical information.” However, in using certain components of the Service, you may also provide certain health or medical information that may be protected under applicable laws, included but not limited to PHI (as defined below).
Resilient Recovery is a “covered entity” under the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191, and its related regulations and amendments from time to time (collectively, “HIPAA”) and is required by law to protect your “protected health information,” as defined under HIPAA, that you provide to Resilient Recovery (“PHI”). In addition, any medical or health information that you provide that is subject to specific protections under applicable state laws (collectively, with PHI, “Protected Information”), will be used and disclosed only in accordance with such applicable laws. However, any information that does not constitute Protected Information under applicable laws may be used or disclosed in any manner permitted under this Privacy Policy. Protected Information does not include information that has been de-identified in accordance with applicable laws.
Uses and Disclosures of PHI
The following categories describe various ways that we use and disclose your PHI and your Alcohol and Drug Abuse Records (unless otherwise prohibited by applicable law):
- At Resilient Recovery: We may use or disclose information between or among personnel having a need for the information in connection with their duties that arise out of the provision of diagnosis, treatment, or referral for treatment, provided such communication is: (i) within the Resilient Recovery treatment center; or (ii) amongst Resilient Recovery staff. For example, our staff, including doctors, nurses, and clinicians, will use your PHI to provide your treatment care. Your PHI may be used in connection with billing statements we send you and in connection with tracking charges and credits to your account. Your PHI will be used to check for eligibility for insurance coverage and prepare claims for your insurance company where appropriate. We may use and disclose your PHI in order to conduct our healthcare business and to perform functions associated with our business activities, including accreditation and licensing.
- Secretary of Health and Human Services: We are required to disclose PHI to the Secretary of the U.S. Department of Health and Human Services when the Secretary is investigating or determining our compliance with the HIPAA Privacy Rules.
- Business Associates: We may disclose your PHI to Business Associates that are contracted by us to perform services on our behalf which may involve receipt, use or disclose of your PHI. All of our Business Associates must agree to (i) protect the privacy of your PHI; (ii) use and disclose the information only for the purposes for which the Business Associate was engaged; (iii) be bound by 42 CFR Part 2; and (iv) if necessary, resist in judicial proceedings any efforts to obtain access to patient records except as permitted by law.
- Crimes on Premises: We may disclose to law enforcement officer’s information that is directly related to the commission of a crime on the premises or against our personnel or to a threat to commit such a crime.
- Reports of Suspected Child Abuse and Neglect: We may disclose information required to report under state law incidents of suspected child abuse and neglect to the appropriate state or local authorities. However, we may not disclose the original patient records, including for civil or criminal proceedings which may arise out of the report of suspected child abuse and neglect, without consent.
- Court Order: We may disclose information required by a court order, provided certain regulatory requirements are met.
- Emergency Situations: We may disclose information to medical personnel for the purpose of treating you in an emergency.
- Research: We may use and disclose your information for research if certain requirements are met, such as approval by an Institutional Review Board.
- Audit and Evaluation Activities: We may disclose your information to persons conducting certain audit and evaluation activities, provided the person agrees to certain restrictions on disclosure of information.
- Reporting of Death: We may disclose your information related to the cause of death to a public health authority that is authorized to receive such information.
Authorization to Use or Disclose PHI
Other than as stated above, we will not use or disclose your PHI other than with your written authorization. Subject to compliance with limited exceptions, we will not use or disclose psychotherapy notes, use or disclose your PHI for marketing purposes, or sell your PHI unless you have signed an authorization. If you or your representative authorize us to use or disclose your PHI, you may revoke that authorization in writing at any time to stop future uses or disclosures. We will honor oral revocations upon authenticating your identity until a written revocation is obtained. Your revocation will not affect any use or disclosures permitted by your authorization while it was in effect.
Rights with Respect to PHI
The following are the rights that you have regarding PHI that we maintain about you. Information regarding how to exercise those rights is also provided. Protecting your PHI is an important part of the Services Resilient Recovery provides you. We want to ensure that you have access to your PHI when you need it and that you clearly understand your rights as described below.
Right of Notice
You have the right to adequate notice of the uses and disclosures of your PHI, and our duties and responsibilities regarding the same, as provided for herein. You have the right to request both a paper and an electronic copy of this Privacy Notice. You may ask us to provide a copy of this Privacy Notice at any time. You may obtain this Privacy Notice by contacting us below or from any Resilient Recovery center or our Privacy Officer.
Right of Access to Inspect and Copy PHI
You have the right to access, inspect and obtain a copy of your PHI for as long as we maintain it as required by law. This right may be restricted only in certain limited circumstances as dictated by applicable law. All requests for access to your PHI must be made in writing. Under a limited set of circumstances, we may deny your request. Any denial of a request to access will be communicated to you in writing. If you are denied access to your PHI, you may request that the denial be reviewed. Another licensed health care professional chosen by Resilient Recovery will review your request and the denial. The person conducting the review will not be the person who denied your request. We will comply with the decision made by the designated professional. If you are further denied, you have a right to have a denial reviewed by a licensed third-party healthcare professional (i.e., one not affiliated with Resilient Recovery). Resilient Recovery further agrees that it will comply with the decision made by the designated professional.
We may charge a reasonable, cost-based fee for the copying and/or mailing process of your request. As to PHI which may be maintained in electronic form and format, you may request a copy to which you are otherwise entitled in that electronic form and format if it is readily producible, but if not, then in any readable form and format as we may agree (e.g. PDF). Your request may also include transmittal directions to another individual or entity.
Right to Amend PHI
If you believe the PHI that Resilient Recovery has about you is incorrect or incomplete, you have the right to request that Resilient Recovery amends your PHI for as long as it is maintained by Resilient Recovery. The request must be made in writing, and you must provide a reason to support the requested amendment. Under certain circumstances, we may deny your request to amend, including but not limited to, when the PHI:
- Was not created by us;
- Is excluded from access and inspection under applicable law; or
- Is accurate and complete.
If we deny amendment, we will provide the rationale for denial to you in writing. You may write a statement of disagreement if your request is denied. This statement will be maintained as part of your PHI and will be included with any disclosure. If we accept the amendment, we will work with you to identify other healthcare stakeholders that require notification and provide the notification.
Right To Request An Accounting Of Disclosures
We are required to create and maintain an accounting (list) of certain disclosures we make of your PHI. You have the right to request a copy of such an accounting during a time period specified by applicable law prior to the date on which the accounting is requested (up to six years). You must make any request for an accounting in writing. We are not required by law to record certain types of disclosures (such as disclosures made pursuant to an authorization signed by you), and a listing of these disclosures will not be provided. If you request this accounting more than once in a 12-month period, we may charge you a reasonable, cost-based fee for responding to these additional requests. We will notify you of the fee to be charged (if any) at the time of the request.
Right To Request Restrictions
You have the right to request restrictions or limitations on how we use and disclose your PHI for treatment, payment, and operations. We are not required to agree to restrictions for treatment, payment, and healthcare operations except in limited circumstances as described below. This request must be in writing. If we do agree to the restriction, we will comply with restriction going forward, unless you take affirmative steps to revoke it or we believe, in our professional judgment, that an emergency warrants circumventing the restriction in order to provide the appropriate care or unless the use or disclosure is otherwise permitted by law. In rare circumstances, we reserve the right to terminate a restriction that we have previously agreed to, but only after providing you notice of termination.
Out-Of-Pocket Payments
If you have paid out-of-pocket (or in other words, you or someone besides your health plan has paid for your care) in full for a specific item or service, you have the right to request that your PHI with respect to that item or service not be disclosed to a health plan for purposes of payment or healthcare operations, and we are required by law to honor that request unless affirmatively terminated by you in writing and when the disclosures are not required by law. This request must be made in writing.
Right To Confidential Communications
You have the right to request that we communicate with you about your PHI and health matters by alternative means or alternative locations. Your request must be made in writing and must specify the alternative means or location. We will accommodate all reasonable requests consistent with our duty to ensure that your PHI is appropriately protected.
Right To Notification Of A Breach
You have the right to be notified in the event that we (or one of our Business Associates) discover a breach involving unsecured PHI.
Right To Voice Concerns
You have the right to file a complaint in writing with us or with the U.S. Department of Health and Human Services if you believe we have violated your privacy rights. Any complaints to us should be made in writing to our Privacy Official at the following address:
Resilient Recovery Treatment Center, Inc.
ATTN: Privacy Official
43900 Clark Ct.
Lancaster CA 93536
We will not retaliate against you for filing a complaint.
Questions, Requests for Information, and Complaints
For questions, requests for information, more information about our privacy policy or concerns, please contact us. If you wish to contact us, you may contact both us through the contact information found at the bottom of this Privacy Notice or through the Contact Us form on our Website.
4. Collection of Information
We collect any information you provide when you use the Service, including, but not limited to:
- Personally identifying information such as your name and contact data such as your e-mail address, phone number, and billing and physical addresses
- Your login and password and other account (“Account”) registration details
- Information that you provide by filling in forms on our Website. This includes information provided at the time of registering to use our Website, subscribing to our service, or requesting further services.
- Records and copies of your correspondence (including email addresses), if you contact us;
- Details of transactions you carry out through our Website and of the fulfillment of your orders. You may be required to provide financial information before placing an order through our Website.
- Demographic data (such as your gender, date of birth and zip code)
- Computer, mobile device and/or browser information (e.g., IP address, mobile device ID information, operating system, connection speed, bandwidth, browser type, referring/exist web pages, web page requests, cookie information, hardware attributes, software attributes)
- Third-party website, network, platform, server and/or application information (e.g., Facebook, Twitter, Instagram)
- Usage activity concerning your interactions with the Service and/or third-party websites, networks or applications accessed through the Service (e.g., viewing habits, viewing preferences, viewing history, number of clicks on a page or feature, amount of time spent on a page or feature, identify of third-party websites, networks, etc.)
- Billing, payment, and shipping information
- Electronic signature
- Any other information you provide when you contact or communicate with us.
If you use your mobile device to visit, access or use the Service, then additional categories of information that we collect may include:
- Your name associated with your mobile device
- Your telephone number associated with your mobile device
- Your geolocation
- Your mobile device ID information
We also collect certain medical information on behalf of the Medical Groups and your Providers, which may include, but is not limited to:
- Health and medical data you submit for diagnosis or treatment purposes, including information in any questionnaires or surveys you complete for these purposes
- Date of visit
- Images or videos you share for diagnosis or treatment purposes
- Communications with Providers
We may also receive information about you from our partners. For example, as part of our identity verification process, our vendor may send us information they have independently collected, such as your name, age, and estimated location. Our marketing partners may also send us information about you, even if you have not visited or registered on our site.
Resilient Recovery does not collect or create biometric information about you. To use some of our services, however, we may be required to verify your identity. If you are asked to submit proof of identity (such as a driver’s license or passport) we may share that and the selfie you shared with us with our identity verification partner, who may create biometric information about your face in order to verify that your selfie matches your proof of identity. Biometric information is not shared with Resilient Recovery and is deleted by our identity verification partner after completing the identity verification. Resilient Recovery may receive information extracted from your photos, such as information from your driver’s license and the confidence that there is a “match” between your two photos. We use this information to help verify your identity.
5. How Information Is Collected
Resilient Recovery might collect personal and non-personal information directly from you when you visit, access or use the Service; when you register with or subscribe to the Service or any products or services available through the Service; when you “sign in,” “log in,” or the like to the Service; when you allow the Service to access, upload, download, import or export content found on or through, or to otherwise interact with, your computer or mobile device (or any other device you may use to visit, access or use the Service) or online accounts with third-party websites, networks, platforms, servers or applications (e.g., your online social media accounts, your cloud drives and servers, your mobile device service provider); or whenever Resilient Recovery asks you for such information, such as, for example, when you process a payment through the Service, or when you answer an online survey or questionnaire. In addition, if you or a third party sends Resilient Recovery a comment, message, or other communication (such as, by way of example only, email, letter, fax, phone call, or voice message) about you or your activities on or through the Site and/or the App, then Resilient Recovery may collect any personal or non-personal information provided therein or therewith.
We may also receive information from third parties that pay for your care or provide you with treatment, services, laboratory care or prescription medication, which may include, for example, your prescription history diagnoses, treatment plans, notes, and laboratory test results.
We also may receive personal information about you from our service providers who assist us with identity verification in connection with our Services, which may include information parsed from your driver’s license or passport, your estimated location, your address and how long you have lived there, and your contact information.
Finally, Resilient Recovery might use various tracking, data aggregation and/or data analysis technologies, including, for example, the following:
- Cookies, which are small data files (e.g., text files) stored on the browser or device you use to view a website or message. They may help store user preferences and activity and may allow a website to recognize a particular browser or device. There are several types of cookies, including, for example, browser cookies, session cookies, and persistent cookies. Cookies may record information you access on one page of a website to simplify subsequent interaction with that website, or to help streamline your transactions on related pages of that website. Most major browsers are set up so that they will initially accept cookies, but you might be able to adjust your browser’s or device’s preferences to issue you an alert when a cookie is downloaded, or to block, reject, disable, delete or manage the use of some or all cookies on your browser or device. Cookies can be set by the website owner (i.e., us), or they can be set by third parties (e.g., Facebook, Google, etc.) Cookies are used to help us speed up your future activities or to improve your experience by remembering the information that you have already provided to us. Third party cookies may also be used to enable analytics (e.g. Google Analytics) or advertising functionality (e.g., ad re-targeting on third-party websites) that enables more customized services and advertising by tracking your interaction with our Service and collecting information about how you use the Service.
- Flash cookies, which are cookies written using Adobe Flash, and which may be permanently stored on your device. Like regular cookies, Flash cookies may help store user preferences and activity, and may allow a website to recognize a particular browser or device. Flash cookies are not managed by the same browser settings that are used for regular cookies.
- Web beacons, which are pieces of code embedded in a website or email to monitor your activity on the website or your opening of the email, and which can pass along information such as the IP address of the computer or device you use to view the website or open the email, the URL page on which the web beacon is located, the type of browser that was used to access the website, and previously set cookie values. Web beacons are sometimes used to collect advertising data, such as counting page views, promotion views or advertising responses. Disabling your computer’s, device’s or browser’s cookies may prevent some web beacons from tracking or recording certain information about your activities.
- Scripts, which are pieces of code embedded in a website to define how the website behaves in response to certain key or click requests sent by the user. Scripts are sometimes used to collect information about the user’s interactions with the website, such as the links the user clicks on. Scripts are often times temporarily downloaded to the user’s computer or device from the website server, active only while the user is connected to the Site and/or the App, and deactivated or deleted when the user disconnects from the website.
- Analytic tools and services, which are sometimes offered by third parties, and which track, measure and/or generate information about a website’s or program’s traffic, sales, audience and similar information, and which may be used for various reasons, such as, for example, statistical research, marketing research, and content ratings research, and conversion tracking. Examples of the analytic tools and services which Resilient Recovery might use include Google Analytics. Resilient Recovery may also use other third-party analytic tools and services.
Please be advised that if you choose to block, reject, disable, delete, or change the management settings for any or all of the aforementioned technologies and/or other tracking, data aggregation and data analysis technologies, then certain areas of the Platform might not function properly.
By visiting, accessing, or using the Service, you acknowledge and agree in each instance that you are giving Resilient Recovery permission to monitor or otherwise track your activities on the Service, and that Resilient Recovery may use the aforementioned technologies and/or other tracking, data aggregation and data analysis technologies. Notwithstanding the foregoing, Resilient Recovery does not permit third parties or third-party cookies to access to any communications you have with the Providers, or medical information that you submit to the Providers for diagnosis and treatment purposes.
6. Use of Information
In connection with providing the Service, we and our affiliates and service providers may use your information, subject to the limitations addressed in the Protected Health Information Section above, for a number of purposes, including, but not limited to:
- Verifying your identity;
- Confirming your location;
- Administering your account;
- Fulfilling your requests;
- Processing your payments;
- Facilitating your movement through the Service;
- Facilitating your use of the Service and/or products or services offered through the Service;
- Communicating with you by letter, email, text, telephone or other forms of communication, including to facilitate medical services;
- Providing you with information about Resilient Recovery’s businesses, products and services by letter, email, text, telephone or other forms of communication;
- Providing you with customer support;
- Providing you with information about third-party businesses, products and services by letter, email, text, telephone or other forms of communication;
- Developing, testing or improving the Service and content, features and/or products or services offered via the Service;
- Identifying or creating new products, services, marketing and/or promotions for Resilient Recovery or the Service;
- Promoting and marketing Resilient Recovery, the Service, and the products and/or services offered via the Service;
- Improving user experiences with the Service;
- Analyzing traffic to and through Service;
- Analyzing user behavior and activity on or through the Service;
- Conducting research and measurement activities for purposes of product and service research and development, advertising claim substantiation, market research, and other activities related to Resilient Recovery, the Service or products and services offered via the Service;
- Monitoring the activities of you and others on or through the Service;
- Placing and tracking orders for products or services on your behalf;
- Protecting or enforcing Resilient Recovery’s rights and properties;
- Protecting or enforcing the rights and properties of others (which may include you);
- When required by applicable law, court order or other governmental authority (including, without limitation and by way of example only, in response to a subpoena or other legal process); or
- Resilient Recovery believes in good faith that such use is otherwise necessary or advisable (including, without limitation and by way of example only, to investigate, prevent, or take legal action against someone who may be causing injury to, interfering with, or threatening the rights, obligations or properties of Resilient Recovery, a user of the Service, which may include you, or anyone else who may be harmed by such activities or to further Resilient Recovery’s legitimate business interests).
We may de-identify your information and use, create and sell such de-identified information, or any business or other purpose not prohibited by applicable law.
7. Disclosure of Information
Subject to the limitations described in the Protected Health Information section above, we may disclose your information to third parties in connection with the provision of our Service or as otherwise permitted or required by law. For example, we may disclose your information:
- To our subsidiaries and affiliates;
- To our third-party and service providers (collectively “vendors”) that provide services to enable us to provide the Service, such as the hosting of the Service, data analysis, IT services and infrastructure, customer service, e-mail delivery, and other similar services;
- To our vendors that provide services to enable us to run our business and administrative operations, such as legal and financial advisory services, auditing services, analytics and similar services;
- To our vendors that provide services to enable us to promote and advertise the Service and the products and/or services offered via the Service, such as ad platforms or ad-retargeting services, as well as comply with contact removal requests or requirements, such as mailing list removal services, do not call registries, and similar services;
- To our contractors, service providers, and other third parties we use to support our business. These entities provide IT and infrastructure support services, payment processing services and marketing software;
- To vendors as we believe necessary or appropriate to comply with applicable laws; and
- To a potential or actual buyer or other successor in the event of a planned or actual merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Resilient Recovery’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Resilient Recovery about our Website’s users is among the assets transferred;
- To fulfill the purpose for which you provide it;
- For any other purpose disclosed by us when you provide the information; and
- With your consent;
- To comply with any court order, law, or legal process, including to respond to any government or regulatory request;
- To enforce or apply our Terms of Service and other agreements, including for billing and collection purposes; and
- If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Resilient Recovery, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
We may de-identify your information and disclose such de-identified information for any purpose not prohibited by applicable law.
8. Data Retention
Resilient Recovery may retain your information for as long as it believes necessary; as long as necessary to comply with its legal obligations, resolve disputes and/or enforce its agreements; and/or as long as needed to provide you with the products and/or services of the Service or Resilient Recovery. Resilient Recovery may dispose of or delete any such information at any time, except as set forth in any other agreement or document executed by Resilient Recovery or as required by law.
9. Data Security
Information transmitted over the Internet is not completely secure, but we do our best to protect your Personal Data. You can help protect your Personal Data and other information by keeping your password to our Websites confidential.
We have implemented measures designed to secure your Personal Data from accidental loss and from unauthorized access, use, alteration, and disclosure.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your Personal Data, we cannot guarantee the security of your Personal Data transmitted to our Website. Any transmission of Personal Data is at your own risk. We are not responsible for circumvention of any privacy settings or security measures deployed on the Website.
10. Transactions
In connection with any transaction that you conduct through the Service (e.g., the purchase or sale of any products or services on or through the Service), you may be asked to supply certain information relevant to the transaction, including, without limitation, your credit card number and expiration date, your billing address, your address, your phone number and/or your email address. By submitting such information, you grant Resilient Recovery without charge the irrevocable, unencumbered, universe-wide and perpetual right to provide such information to third parties (e.g., payment processing companies, buyers on the Service, sellers on the Service) for the purpose of facilitating the transaction.
All credit card, debit card and other monetary transactions on or through the Service occur through an online payment processing application(s) accessible through the Service. This online payment processing application(s) is provided by Resilient Recovery’s third-party online payment processing vendor, Stripe (“Stripe”). Additional information about Stripe, its privacy policy and its information security measures (collectively, the “ Stripe Policies”) should be available on the Stripe website located at https://stripe.com/us/privacy or by contacting Stipe directly. Reference is made to the Stripe Policies for informational purposes only and are in no way incorporated into or made a part of this Privacy Policy. Resilient Recovery’s relationship with Stripe, if any, is merely contractual in nature, as Stripe nothing more than a third-party vendor to Resilient Recovery, and is in no way subject to Resilient Recovery’s direction or control; thus, their relationship is not, and should not be construed as, one of fiduciaries, franchisors-franchisees, agents-principals, employers-employees, partners, joint venturers or the like.
11. Jurisdictional Issues
The law in some jurisdictions may provide you with additional rights regarding our use of Personal Data. To learn more about any additional rights that may be applicable to you as a resident of one of these states, please see the privacy addendum for your state that is attached to this Privacy Notice.
Your California Privacy Rights
If you are a resident of California, you have the additional rights described in the California Privacy Addendum.
12. Third Parties
This Privacy Policy does not address or apply to, and we are not responsible for, the privacy, information, or other practices of any third parties, including, without limitation, the manufacturer of your mobile device, and any other third-party mobile application or website to which our Service may contain a link. These third parties may at times gather information from or about you. We do not control and are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of each website and application you visit and use.
13. Your Rights Regarding Your Information and Accessing and Correcting Your Information
You may have certain rights under applicable data protection laws, including the right to access and update your Personal Data, restrict how it is used, and the right to have us erase certain Personal Data about you. You also have the right to complain to a supervisory authority about our processing of your Personal Data.
Applicable data protection laws may provide you with certain rights with regards to our processing of your Personal Data.
- Access and Update. You can review and change your Personal Data by logging into the Website and visiting your “Account” page. You may also notify us through the Contact Information below or through our Website’s Contact Us form of any changes or errors in any Personal Data we have about you to ensure that it is complete, accurate, and as current as possible. We may also not be able to accommodate your request if we believe it would violate any law or legal requirement or cause the information to be incorrect.
- You have the right to restrict our processing of your Personal Data under certain circumstances. In particular, you can request we restrict our use of it if you contest its accuracy, if the processing of your Personal Data is determined to be unlawful, or if we no longer need your Personal Data for processing but we have retained it as permitted by law.
- Right to be Forgotten. You have the right to request that we delete all of your Personal Data. We cannot delete your Personal Data except by also deleting your user account, and we will only delete your account when you have requested that we do so. We may not accommodate a request to erase information if we believe the deletion would violate any law or legal requirement or cause the information to be incorrect. In all other cases, we will retain your Personal Data as set forth in this policy. In addition, we cannot completely delete your Personal Data as some data may rest in previous backups. These will be retained for the periods set forth in our disaster recovery policies.
- You have the right to lodge a complaint with the applicable supervisory authority in the country you live in, the country you work in, or the country where you believe your rights under applicable data protection laws have been violated. However, before doing so, we request that you contact us directly in order to give us an opportunity to work directly with you to resolve any concerns about your privacy.
- How You May Exercise Your Rights. You may exercise any of the above rights by contacting us through any of the methods listed under Contact Information below and through our Website’s Contact Us form. If you contact us to exercise any of the foregoing rights, we may ask you for additional information to verify your identity. We reserve the right to limit or deny your request if you have failed to provide sufficient information to verify your identity or to satisfy our legal and business requirements. Please note that if you make unfounded, repetitive, or excessive requests (as determined in our reasonable discretion) to access your Personal Data, you may be charged a fee subject to a maximum set by applicable law.
14. Do Not Track Signals
We may use automated data collection technologies to track you across websites. We currently do not honor do-not-track signals that may be sent by some browsers.
We also may use automated data collection technologies to collect information about your online activities over time and across third-party websites or other online services (behavioral tracking). Some web browsers permit you to broadcast a signal to websites and online services indicating a preference that they “do not track” your online activities. At this time, we do not honor such signals and we do not modify what information we collect or how we use that information based upon whether such a signal is broadcast or received by us.
15. Changes to Our Privacy Notice
We may change this Privacy Notice at any time. It is our policy to post any changes we make to our Privacy Notice on this page. If we make material changes to how we treat our users’ Personal Data, we will notify you through a notice on the Website’s home page. The date this Privacy Notice was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Website and this Privacy Notice to check for any changes.
16. Contact Information
You may contact our Data Protection Officer through the contact information below. If you wish to contact us, you may contact both us through the contact information below or through the Contact Us form on our Website.
If you have any questions, concerns, complaints or suggestions regarding our Privacy Notice, have any requests related to your Personal Data pursuant to applicable laws, or otherwise need to contact us, you may Contact Us at the contact information below or through the Contact Us page on our Website.
Privacy Notice Addendum for California Residents (CCPA)
Effective Date: January 18, 2024
Last Reviewed on: January 18, 2024
This Privacy Notice Addendum for California Residents (the “California Privacy Addendum”) supplements the information contained in Resilient Recovery’s Privacy Notice and describes our collection and use of Personal Information. This California Privacy Addendum applies solely to all visitors, users, and others who reside in the State of California (“consumers” or “you”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and any terms defined in the CCPA have the same meaning when used in this notice.
Note that this California Privacy Addendum does not apply employment-related personal information collected from our California-based employees, job applicants, contractors, or similar individuals. Please contact your local human resources department if you are a California employee and would like additional information about how we process your Personal Information.
Information We Will Collect
We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). In particular, we collect, and over the prior twelve (12) months have collected, the following categories of personal information from our consumers:
Category | Applicable Pieces of Personal Information Collected |
A. Identifiers. | A real name, postal address, online identifier, Internet Protocol address, email address, account name, or other similar identifiers. |
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). | A name, signature, address, telephone number, or any financial information, medical information, or health insurance information.Some personal information included in this category may overlap with other categories. |
C. Protected classification characteristics under California or federal law. | Age (40 years or older), race, color, or medical condition. |
D. Commercial information. | Records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. |
E. Internet or other similar network activity. | Information on a consumer’s interaction with a website, application, or advertisement. |
F. Geolocation data. | Physical location or movements. |
Personal information does not include:
- Publicly available information from government records.
- Deidentified or aggregated consumer information.
- Information excluded from the CCPA’s scope, like:
- health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
- personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.
Use of Personal Information
We may use, or disclose the personal information we collect and, over the prior twelve (12) months, have used, or disclosed the personal information we have collected, for one or more of the following business or commercial purposes:
- To fulfill the reason you provided the information. For example, if you share your name and contact information to request a price quote or ask a question about our products or services, we will use that personal information to respond to your inquiry. If you provide your personal information to purchase a product or service, we will use that information to process your payment and facilitate delivery. We may also save your information to facilitate new product orders or process returns.
- To provide, support, personalize, and develop our Website, products, and services.
- To create, maintain, customize, and secure your account with us.
- To process your requests, purchases, transactions, and payments and prevent transactional fraud.
- To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
- To personalize your Website experience and to deliver content and product and service offerings relevant to your interests, including targeted offers and ads through our Website, third-party sites, and via email or text message (with your consent, where required by law).
- Debugging to identify and repair errors that impair existing intended functionality.
- To administer surveys, sweepstakes, promotions, and other contests, and to send newsletters and other similar communications not specifically advertising our own goods and services.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- As described to you when collecting your personal information or as otherwise set forth in the CCPA.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Resilient Recovery’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by Resilient Recovery about our Website users is among the assets transferred.
Resilient Recovery will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
Sources of Personal Information
Resilient Recovery obtains the categories of personal information listed above from the following categories of sources:
- Directly from you. For example, from forms you complete or products and services you purchase.
- Indirectly from you. For example, from observing your actions on our Website.
Sharing Personal Information
Resilient Recovery may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.
Disclosures of Personal Information for a Business Purpose
In the preceding twelve (12) months, Resilient Recovery has disclosed the following categories of personal information for a business purpose to the listed categories of third parties:
- Identifiers:
Categories of Third Parties: Service Providers, Business partners, affiliates and subsidiary organizations of Resilient Recovery, and Internet cookie information recipients, such as analytics and behavioral advertising services,
- California Customer Records personal information categories:
Categories of Third Parties: Service Providers, Business partners, affiliates and subsidiary organizations of Resilient Recovery, and Internet cookie information recipients, such as analytics and behavioral advertising services
- Protected classification characteristics under California or federal law:
Categories of Third Parties: Service Providers, Business partners, affiliates and subsidiary organizations of Resilient Recovery, and Internet cookie information recipients, such as analytics and behavioral advertising services.
- Commercial information:
Categories of Third Parties: Service Providers, Business partners, affiliates and subsidiary organizations of Resilient Recovery, and Internet cookie information recipients, such as analytics and behavioral advertising services.
- Internet or other similar network activity:
Categories of Third Parties: Service Providers, Business partners, affiliates and subsidiary organizations of Resilient Recovery, and Internet cookie information recipients, such as analytics and behavioral advertising services.
Sales of Personal Information
As noted in our general Privacy Policy, we do not sell your personal information as the term “sell” is commonly understood to require an exchange for money. However, the California State Attorney General may issue guidance on whether the use of advertising and analytics cookies on our Website may be considered a “sale” of Personal Information as the term “sale” is broadly defined in the CCPA to include both monetary and other valuable consideration. Until such guidance has been issued, we continue to consider it a “sale” in order to be as transparent as possible with users of our Website and will comply with the restrictions of the “sale” of this information to the extent technologically feasible. This “sale” would be limited to our use of third-party advertising and analytics cookies and their use in providing you behavioral advertising and their use in understanding how people use and interact with our Website.
In the preceding twelve (12) months, Resilient Recovery has not “sold” your Personal Information for either monetary or other valuable consideration.
Your Rights and Choices
The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights. You may exercise these rights yourself or through your authorized agent.
Access to Specific Information and Data Portability Rights
You have the right to request that Resilient Recovery disclose certain information to you about our collection and use of your personal information over the past 12 months (a “Right to Know” request). You also have the right to request that we provide you with a copy of the specific pieces of personal information that we have collected or created about you. If you make a request for the specific pieces of personal information electronically, we will provide you with a copy of your personal information in a portable and, to the extent technically feasible, readily reusable format that allows you to transmit the personal information to another third-party. You must specifically describe if you are making a Right to Know request or a request for the specific pieces of personal information. If you would like both the information about our collection and use over the past twelve (12) months and a copy of the specific pieces of Personal Data, you must make both requests clear in your email. If it is not reasonably clear from your request, we will only process your request as a Right to Know request.
Once we receive your request and verify your identity (see Exercising Access, Data Portability, and Deletion Rights), we will disclose to you:
For Right to Know requests:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties with whom we share that personal information.
- If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
- sales, identifying the personal information categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
For requests for specific pieces of personal information:
- The specific pieces of personal information we collected about you (also called a data portability request). We will not disclose your health insurance or medical identification number or your account password or security question or answers. We will also not provide this information if the disclosure would create a substantial, articulable, and unreasonable risk to your personal information, your account with Resilient Recovery, or the security of our systems or networks.
Deletion Request Rights
You have the right to request that Resilient Recovery delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Exercising Access, Data Portability, and Deletion Rights
To exercise the right to know, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:
- + 1 844 BESOBER (237-6237)
- https://resilientrecoverycenter.com/
- Visiting our website at https://resilientrecoverycenter.com/
If you (or your authorized agent) submit a request to delete your information online, we will use a two-step process in order to confirm that you want your personal information deleted. This process may include verifying your request through your email address on record / calling you on your phone number on record (which may include an automated dialer) / sending you a text message and requesting that you text us a confirmation / sending you a confirmation through US mail.
If you fail to make your submission in accordance with the ways described above, we may either treat your request as if it had been submitted with our methods described above, or provide you with information on how to submit the request or remedy any deficiencies with your request.
Only you, or your agent that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. To designate an authorized agent, see Authorized Agents below. We may request additional information so we may confirm a request to delete your personal information.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative. This may include:
- verifying your request through your email address on record / calling you on your phone number on record (which may include an automated dialer) / sending you a text message and requesting that you text us a confirmation / sending you a confirmation through US mail.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
Making a verifiable consumer request does not require you to create an account with us. However, we do consider requests made through your password protected account sufficiently verified when the request relates to personal information associated with that specific account.
We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
For instructions on exercising sale opt-out rights, see Personal Information Sales Opt-Out and Opt-In Rights.
Authorized Agents
You may authorize your agent to exercise your rights under the CCPA on your behalf by registering your agent with the California Secretary of State. You may also provide your authorized agent with power of attorney to exercise your rights. If you authorize an agent, we may require that your agent provide proof that they have been authorized exercise your rights on your behalf. We may request that your authorized agent submit proof of identity We may deny a request from your agent to exercise your rights on your behalf if they fail to submit adequate proof of identity or adequate proof that they have the authority to exercise your rights.
Response Timing and Format
We will respond to a verifiable consumer request within ten (10) days of its receipt. We will generally process these requests within forty-five (45) days of its receipt. If we require more time (up to 45 days), we will inform you of the reason and extension period in writing.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any we provide disclosures related to a Right to Know request will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Opt-Out and Opt-In Rights Regarding the “Sale” of Your Personal Information
If you are 16 years of age or older, you have the right to direct us to not sell your personal information at any time (the “right to opt-out”). We do not sell the personal information of consumers we actually know are less than 16 years of age from either the consumer who is between 13 and 16 years of age, or the parent or guardian of a consumer less than 13 years of age.
To exercise the right to opt-out, you (or your authorized representative) may adjust your cookie preferences by setting your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. However, if you do not consent to our use of cookies or select this setting you may be unable to access certain parts of our Website or other websites. You can find more information about cookies at http://www.allaboutcookies.org.
Non-Discrimination
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.
Changes to This California Privacy Addendum
Resilient Recovery reserves the right to amend this California Privacy Addendum at our discretion and at any time. When we make changes to this California Privacy Addendum, we will post the updated addendum on the Website and update the addendum’s effective date. Your continued use of our Website following the posting of changes constitutes your acceptance of such changes.
Contact Information
If you have any questions or comments about this California Privacy Addendum, the ways in which Resilient Recovery collects and uses your information described above and in the Privacy Notice, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us.
Contact Information
You may contact us through the contact information below. If you wish to contact us, you may contact us through the contact information below or through the Contact Us form on our Website. |
If you have any questions, concerns, complaints, or suggestions regarding our Privacy Notice, have any requests related to your Personal Data pursuant to applicable laws, or otherwise need to contact us, you may contact us at the contact information below or through the Contact us form on our website.
To Contact Resilient Recovery (Controller)
Resilient Recovery
43900 Clark Ct
Lancaster CA 93536
United States
+ 1 844 BESOBER (237-6237)
https://resilientrecoverycenter.com/