ONLINE PRIVACY POLICY AGREEMENT

Effective Date: May 29, 2025
Castle Rock Family Services
www.castlerockfamily.com (the “Website” or the “Site”)

Stacie Pasimio, MS, LMFT, Licensed Marriage and Family Therapist, Corp DBA is Castle Rock Family Services ("we", "us", "our") values your privacy. Throughout this Privacy Policy ("Policy"), we refer to any person accessing or using this Website as “you,” or the “User.” The Policy will help you understand how we collect and use personal information from those who visit our Website or use our online services, and what we will and will not do with the information we collect.

We are committed to complying with HIPAA, 10DLC SMS communication rules, and applicable data protection laws. Our Policy has been created to reflect our commitment to current privacy standards and protect all individuals affiliated with Castle Rock Family Services.

1. Scope and Consent

This Policy applies to information we collect:

●     On or through this Website.

●     In email, text, and other electronic messages between you and this Website.

●     When you interact with our forms or other interactive content on third-party websites and services, such as SimplePractice, but only if those applications or advertising include links to this Privacy Policy.

It does not apply to information collected by:

●     Us offline; or

●     Any third party, including through any application or content (including advertising) that may link to or be accessible from, or on, the Website, if those third parties do not include links to this Privacy Policy. Please be aware that we have no control over the content and policies of third party sites, and cannot accept responsibility or liability for their respective privacy practices.

       

Please read this Policy carefully to understand our policies and practices regarding your “Personal Information” (as defined below) and how we will treat it. If you do not agree with our policies and practices, your only choice is not to use our Website. By accessing or using this Website,you are consenting to the data practices described in this Policy.

No Sharing Of Opt-In Data

"Mobile information will not be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties."

        Opt-out instructions:
"If you wish to be removed from receiving future communications from Castle Rock Family Services, you can opt out by texting STOP."

 

2. Changes to this Policy

We reserve the right to update this Policy at any time. Your continued use of this Website after we make changes is deemed to be your acceptance of those changes, so we recommend reviewing it regularly.  If we make significant changes in how we use personally identifiable information, we will notify users by the email address provided most recently to us through correspondence and/or through a notice on the Website home page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Website and this Policy to check for any changes.

 

3. What Information We Collect

We collect several types of information from and about users of our Website, including log data, device data, and Personal Information.

Log Data

When you visit our Website, our servers may automatically log the standard data provided by your web browser. It may include your computer’s Internet Protocol (“IP”) address, your browser type and version, the pages you visit, the time and date of your visit, the time spent on each page, and other details.

Device Data

We may also automatically collect data about the device you’re using to access our Website. This data may include the device type, operating system, unique device identifiers, device settings, and location data. What we collect depends on the individual settings of your device and software.

Personal and Statistical Information

We collect personal information such as:

●     Name, phone number, email, mailing address; and

●     Appointment, billing, insurance information, and communication preferences (including SMS opt-in).

That is about you but individually does not identify you, such as anonymous demographics such as age, gender, etc. This information is not considered Personal Information, as it is anonymized statistical data.

 

4. How and Why We Collect Information

Information We Collect Automatically

As you navigate through and interact with our Website, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions and patterns, as described above. The technologies we use for this automatic data collection may include cookies, flash cookies, or web beacons. For more information on these technologies, see our DATA COLLECTION POLICY below. The information we collect automatically is statistical data and does not include Personal Information, but we may maintain it for any of the reasons listed herein.

Information You Provide Directly to Us

The information we collect on or through our Website may include:

●     Information that you provide by filling in forms on our Website or any third party site that includes a link to this Policy. This includes information provided at the time of registering for services. We may also ask you for information if you report a problem with our Website; and/or

●     Records and copies of your correspondence (including email addresses), if you contact us.

Information Provided to Us by Third Parties

If we receive Personal Information about you from a third party platform where this Policy is linked (i.e., SimplePractice), we will protect it as set out in this Policy. If you are a third party providing Personal Information about somebody else, you represent and warrant that you have such person’s consent to provide the Personal Information to us.

Purposes of Collection

We collect your Personal Information to:

●     To enable you to access and use our Website;

●     Provide mental health services and appointment coordination;

●     Communicate billing and insurance information;

●     Send appointment reminders via text or email (with consent);

●     Respond to client inquiries;

●     Improve our website and services;

●     Send optional surveys and feedback requests (with consent);

●     For internal record keeping and administrative purposes;

●     To fulfill any other purpose for which your provide your information and consent; and/or

●     To comply with our legal obligations and resolve any disputes that we may have.

Data Collection Policy

The technologies we use for automatic data collection on this Website may include:

●     Cookies. A cookie (sometimes called a “browser cookie”) is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of our Website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Website;

●     Flash Cookies. Certain features of our Website may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from and on our Website. Flash cookies are not managed by the same browser settings as are used for browser cookies; and/or

●     Web Beacons. Pages of the Website, and our emails, may contain small electronic files known as web beacons (also referred to as clear gifs. pixel tags and single-pixel gifs) that permit us, for example, to count users who have visited those pages, or opened an email, and for other related Website statistics (for example, recording the popularity of certain Website content and verifying system and server integrity).

Do Not Track

“Do Not Track” is a preference you can set in your browser to let websites you visit know that you do not want them collecting certain information about you. We do not currently respond to, or honor, Do Not Track signals or requests from your browser.

Third-Party Use of Cookies and Other Tracking Technology

Some content or applications on the Website are served by third-parties, including advertisers, ad networks and servers, content providers and application providers. These third parties may use cookies (alone or in conjunction with web beacons or other tracking technologies) to collect information about you when you use our Website. The information they collect may be associated with your Personal Information, or they may collect information, including Personal Information, about your online activities over time and across different websites and other online services. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content.

We do not control these third parties' tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. 

         

5. SMS Text Messaging and 10DLC Compliance

With your explicit opt-in, Castle Rock Family Services may send you SMS messages regarding:

●     Appointment reminders or reschedules;

●     Billing or insurance updates; and

●     Administrative messages.

Message and data rates may apply. Reply STOP to opt out at any time, or HELP for assistance. We do not send SMS marketing messages.

Opt-in is collected via our website or during the intake process through signed communication consent forms. Participation in texting is not required to receive services.

 

6. How Long We Keep Data

We retain data only as long as necessary to meet legal, operational, or client care obligations. Factors include:

●     Recordkeeping laws and clinical requirements;

●     Statute of limitations for legal claims; and/or

●     Professional body and licensing requirements.


7. Use of Information Collected

Castle Rock Family Services does not sell, rent, or lease client lists or personal information. We use collected information to:

●     Operate and manage services;

●     Respond to client needs;

●     Complete surveys and research; and

●     Improve online experiences.

We may communicate with you for non-marketing purposes (e.g., service updates, policy changes).


8. Disclosure of Information

We may disclose information only:

●     To fulfill the purpose for which you provide it;

●     As required by law (e.g., subpoena or court order);

●     To service providers and other third parties we use to support our business and who are bound by contractual obligations, such as a Business Associate Agreement, to keep Personal Information confidential and use it only for the purposes for which we disclose it to them;

●     With your explicit written consent;

●     To maintain or enforce our Terms of Service;

●     In an anonymized format for reporting or analytics; and/or

●     To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which Personal Information held by us about our Website users is among the assets transferred. You acknowledge that such transfers may occur, and that any parties who acquire us may continue to use your Personal Information according to this Policy.

Some third party service providers we may share information with, including Personal Information, include, but are not limited to:

●     Information Technology (“IT”) service providers;

●     Data storage, hosting, and server providers;

●     Analytics companies;

●     Error loggers;

●     Maintenance or problem-solving providers;

●     Marketing or advertising providers;

●     Professional advisors;

●     Payment systems operators;

●     Debt collectors;

●     Our legal counsel and/or prospective legal counsel; and/or

●     Courts, tribunals, regulatory authorities, and law enforcement officers, as required by law.

We may disclose aggregated, anonymized, statistical data and/or non-identifying information about our users without restriction.

 

9. Children Under 13 (COPPA Compliance)

Our Website is not intended for children under 13 years of age. No one under the age of 13 may provide any Personal Information to, or on, the Website. We do not knowingly collect data from children under age 13. If you are under 13, do not use or provide any information on this Website, or on or through any of its features/functionality. If such information is inadvertently collected, it will be deleted immediately or require verified parental consent. If you believe we might have any information from or about a child under 13, please contact us at info@castlerockfamily.com.

 

10. Your Choices & California Privacy Rights

We strive to provide you with choices regarding the Personal Information you provide to us. The following mechanisms should help to provide you with control over your information:

●     Tracking Technologies and Advertising. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. To learn how you can manage your Flash cookie settings, visit the Flash player settings page on Adobe's website. If you disable or refuse cookies, please note that some parts of this Website may be inaccessible or not function properly.

●     Disclosure of Your Information for Advertising. We do not control third parties' collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. You can opt out of receiving targeted ads from members of the Network Advertising Initiative ("NAI") on the NAI's website.

●     Accessing and Correcting Your Information. If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, you can review and change your Personal Information by sending us an email at  info@castlerockfamily.com to request access to, correct, or delete any Personal Information that you have provided to us. We may not accommodate a request to change information if we believe the change would violate any law or regulatory requirement, result in fraud, or cause the information to be incorrect.

●     Unsubscribing. To unsubscribe from email or SMS, contact us at info@castlerockfamily.com or reply STOP to any text message.

If you are a California resident, you have the right to request information from us regarding the manner in which we share certain categories of your Personal Information with third parties for their own direct marketing uses. California’s “Shine the Light” Act provides that you have the right to submit a request to us at our email address in order to receive information on the categories of customer information that we shared and the names and addresses of those businesses with which we shared customer information for the immediately prior calendar year. To obtain this information, please send an email message to info@castlerockfamily.com with "Request for California Privacy Information" in the subject line and in the body of your message. We will provide the requested information to you in your email address in response.

Please be aware that not all information sharing is covered by the Shine the Light requirements, and only information on covered sharing will be included in our response.

 

11. Security

We protect your information using:

●     SSL encryption;

●     HIPAA-compliant storage;

●     Secure user authentication; and

●     Access restriction protocols.

Our physical and digital systems are monitored and updated to prevent unauthorized access, disclosure, or misuse.

The safety and security of your information also depends on you. Where we have given you (or where you have chosen) access to certain parts of our Website specific to you (i.e., a client portal), you are responsible for keeping this access secure. We ask you not to share your passwords or access keys with anyone.

Unfortunately, the transmission of information via the Internet is not completely secure. Although we do our best to protect your Personal Information, we cannot guarantee the security of your Personal Information transmitted to our Website. Any transmission of Personal Information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.

12. International Users – GDPR Notice

The owner of the Website is based in the state of California, in the United States of America. We provide this Website, as well as our clinical services, for use only by persons located in the United States, unless otherwise specifically indicated. We make no claims that the Website or any of its content is accessible or appropriate outside of the United States.


13. Contact Us

For questions or concerns, contact:

Castle Rock Family Services
 📍 3281 E Guasti Rd Ste 713, Ontario, CA 91761
 📞 (909) 600-8134
 📧 info@castlerockfamily.com