Effective Date: 01/01/19
Last Modified: 01/23/19
We are committed to the protection of your privacy while you use firststepsrecovery.com.
Who are we (in other words, who is collecting your Personal Data)?
We are a subsidiary of Sirona Behavioral Health, 29122 Rancho Viejo Rd., Suite 101, San Juan Capistrano, CA 92675. We collect and process your Personal Data, as well as manage our third-party service providers that additionally process your Personal Data.
Who is our data protection officer (in other words, who oversees the handling of your personal data)?
Our data protection officer, or DPO, is Jeremy Armstrong. Our DPO can be reached at firstname.lastname@example.org.
How can you contact us?
The best way to contact firststepsrecovery.com is as follows: Phone: (855) 574-7662.
What Personal Data do we collect from you and why?
Through your visitation to, use of, and interaction with firststepsrecovery.com, you will be asked for certain types of Personal Data. This section will only cover Personal Data that we receive specifically from you.
1. Personal Data collected when you register or click “Submit” in order to “Get Your Free Confidential Consultation” on our home page: That way, we can contact you about our services and be ready to address any specific matters you reference in your message. We may do this via email, text, and/or phone call. You will be required to register to use any of our services. When you do so, we ask you for the following Personal Data: email, phone number, name, and what resources you have for treatment.
Why do we collect this Personal Data? We collect the Personal Data we do at registration for the sole and exclusive purpose of providing our services to you and allowing you to use firststepsrecovery.com. By registering with us, we’ll be able to better serve you and provide a more personalized user experience for you each time that you visit us. We also collect it for these purposes:
- to respond to your inquiries and fulfill your requests;
- to inform you about important information regarding the Site or services which may interest you or changes to terms, conditions, and policies and/or other administrative information;
- to deliver marketing communications that we believe may be of interest to you, including ads or offers tailored to you and ads on other websites;
- to personalize your experience on the Site;
- to verify your identity and/or location (or the identity or location of your representative or agent) in order to allow access to your services, conduct online transactions and to maintain measures aimed at preventing fraud and protecting the security of your Personal Information;
- to allow you to participate in surveys and other forms of market research;
- for business purposes, including data analysis, audits, developing and improving services, enhancing the Site, identifying usage trends and determining the effectiveness of web pages; and
- for risk control, for fraud detection and prevention, to comply with laws and regulations, and to comply with other legal process and law enforcement requirements.
2. Personal Data collected when we communicate with you: As a user of firststepsrecovery.com, we may communicate with you about your account with us. These communications specifically won’t be marketing communications, but will rather be informational items such as updates to our policies or other privacy-related matters. You may also be asked questions about how to improve sironacenter.com, or you may, at some point, communicate with our representatives because of questions that you have. We consider this information Personal Data. We will receive the contents of your communications, answers to questions, and any other form of contact between you and us.
Why do we collect this Personal Data? We collect the Personal Data we do through your communication with us to assist you in using our services.
What Personal Data do we collect about you that we get from other sources and why?
3. Personal location data: We may use and store information about your location depending on the permissions you have set on your device.
Why do we collect this Personal Data? We solely and exclusively use this information to provide location-related features of our services, such as treatment options or other informational services regarding the purpose of your visit relevant to your location. You can enable or disable location services when you use our services at any time, through your mobile device settings.
5. Personal data that we combine or aggregate: We may combine or aggregate some of your Personal Data with non-personal data collected from you. While the non-personal data may already be completely anonymous, we may take the extra step of ensuring the data undergoes anonymization or pseudonymization. Either way, this non-personal data may be stored in the same location or used in conjunction with your Personal Data. In case the aggregation of your Personal Data and non-personal data allows us to identify you, we will handle such aggregated information as Personal Data.
Why do we combine or aggregate data? We combine or aggregate data in order to better serve you and to better enhance and update firststepsrecovery.com for your and other consumers’ use.
What is our legal basis for processing your Personal Data?
We respect data minimization principles, which is a fancy way of saying we only collect the minimal amount of Personal Data required for legitimate business purposes. In other words, we need the Personal Data that we do to effectively run our business, and we don’t collect more than is necessary. The Personal Data you provide to us voluntarily (like the kind of information that you gave through registration, use, and communication with us) is completely up to you. That said, we may still process automatic Personal Data, such as that received through cookies, regardless of how you interact with our website.
Will your Personal Data ever be shared and if so, how and with whom?
We use third party service providers to help us operate firststepsrecovery.com, but we’ll never share your Personal Data other than as described here without your explicit consent. These are the third party service providers we currently use, as well as why we use them:
MailChimp for list management.
Salesforce for customer relationship management.
CallTrackingMetrics for call and form fill management.
In certain cases, however, we may have to disclose your Personal Data to third parties. We limit that disclosure to the following circumstances:
- To satisfy any local, state, or Federal laws or regulations;
- To respond to requests, such as discovery, criminal, civil, or administrative process, subpoenas, court orders, or writs from law enforcement or other governmental or legal bodies;
- To bring legal action against a User who has violated the law or violated the User agreements;
- In the case of any business transfer, sale, or transfer of assets of firststepsrecovery.com;
- To generally cooperate with any lawful investigation about our Users; or
- If we suspect any fraudulent activity on firststepsrecovery.com, or if we have noticed any activity which may violate our Terms & Conditions or other applicable rules.
Please note that we do not share, sell, or otherwise provide your Personal Data to any third-party advertisers.
Do we ever send you marketing communications?
We may send you marketing communications, such as newsletters and brochures, but only after we obtain your explicit consent. In other words, we’re never going to automatically add you to a mailing list or other marketing communication list – we’ll specifically ask you to opt-in to the communications you want to receive. If you do consent to receive marketing communications through your affirmative opt-in, you’ll be receiving things like newsletters, target campaigns, and offerings of new products, services or recommendations. We also may send push notifications to your mobile device if you’ve consented to do so.
Even if you do want to get marketing messages from us, you’ll be able to revoke your consent at any time. You can do so for push notifications by deactivating the notification permissions on your mobile device. You can do so for marketing communications by:
- Clicking on the “unsubscribe” link contained in each marketing email sent to you, exclusive of the initial welcome email requesting “opt-in” for such communications; or
- Sending an email to email@example.com.
We’ll take you off our marketing list as soon as we can, and you won’t hear from us again.
How do we store and protect your Personal Data?
Personal Data Storage: We only store your Personal Data as long as it is necessary for providing you with the requested services or until you stop using our services and request deletion of your data (more information can be found in the section below, “What are your rights in relation to your Personal Data?”). Specifically, we store your Personal Data as follows: Salesforce (CRM).
Personal Data Protection: We employ organizational and technical security measures to protect your Personal Data, such as limiting access to your Personal Data, secured networks, encryption, and anonymization.
We use secure physical and digital systems to store your Personal Data. We ensure that your Personal Data is protected against unauthorized access, disclosure, or destruction by utilizing practices that are consistent with standards in the industry to protect your privacy.
Please note, however, that no system involving the transmission of information via the Internet or the electronic storage of data is completely secure, no matter what reasonable security measures are taken. Although we take the protection and storage of your Personal Data very seriously, and we take all reasonable steps to protect your Personal Data, we cannot be responsible for data breaches that occur outside of our reasonable control. We will, however, follow all applicable laws in the event a data breach occurs, including taking reasonable measures to mitigate any harm as well as notifying you of such breaches as soon as possible, but in no event later than two weeks’ time.
What are your rights in relation to your Personal Data?
By using firststepsrecovery.com, you can exercise the following rights:
- REFUSING TO PROVIDE YOUR PERSONAL DATA: The voluntary Personal Data you provide to us is an integral part of your use of firststepsrecovery.com. You can choose to forego the provision of that data, but you may be restricted from using some or all of our services.
- ACCESSING, OBTAINING, MODIFYING, AND DELETING YOUR PERSONAL DATA: If you wish to access or obtain in a format convenient for you, modify, or delete any Personal Data we may have about you, you may do so by contacting us at firstname.lastname@example.org. We will reply to your request as soon as possible but in no event later than two (2) weeks.
- LAUNCHING A COMPLAINT WITH A DATA PROTECTION AUTHORITY: If you are a resident of the European Union and you are not satisfied with the outcome of your complaint submitted to us, you have the right to lodge a complaint with your local data protection authority.
How can you launch a complaint if you’re unhappy with the way in which we collect or process your Personal Data?
U.S. Residents: If you’re located in the United States, the collection of your Personal Data, as well as our commitment to the EU-U.S. and Swiss-U.S. Privacy Shield, is subject to investigation and enforcement by the Federal Trade Commission (“FTC”). In compliance with the Privacy Shield Principles, we’re committed to resolving any complaints about the handling of your Personal Data as quickly and efficiently as we can, but if you’re not happy, you can lodge a complaint with the FTC.
California Privacy Rights: California Civil Code Section § 1798.83 permits Users of firststepsrecovery.com that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to email@example.com.
E.U. Residents: If you are a resident of the European Union and you are not satisfied with the outcome of your complaint as you submitted it to us, you have the right to lodge a complaint with your local data protection authority. As part of our commitment to the Privacy Shield Principles, we’ve also committed to resolving complaints through an independent recourse mechanism, specifically the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. To lodge a complaint there, you can visit https://www.bbb.org/EU-privacy-shield/.
You may also be able to invoke binding arbitration before a Privacy Shield Panel created by the U.S. Department of Commerce and European Commission, under certain conditions as detailed in the Privacy Shield.
What about the international transfer of Personal Data?
We are based in the United States, specifically San Juan Capistrano, California. In other words, your Personal Data may be transferred from the location in which you reside to our physical location in the United States. It may also be transferred to third parties, as described above, located in the United States. The risks of transferring data outside of your jurisdiction to the United States include the possibility of data breaches and loss. Before using our services, we ask you to specifically consent to the transference of your personal data to the United States. We will continue to process your Personal Data in the manner described herein, and if we change anything about how we handle your Personal Data, including the international transfer of your Personal Data, we will seek your explicit consent again.
Do we collect any Personal Data from minors?
We do not allow the use of firststepsrecovery.com or any of our services by users under the age of 18 (eighteen), even users located in the E.U. As such, we don’t collect, store, or otherwise use any Personal Data from any minors. If you are a parent or guardian, and you learn that your children have provided us with Personal Data, please contact us at firstname.lastname@example.org. If we become aware that we have collected Personal Data from children without verification of parental consent, we will immediately take steps to remove that information from our servers.
Are we certified to the EU-US Privacy Shield?
- Security: As we note in our section, “How do we store and protect your Personal Data?,” we take reasonable and appropriate measures to protect your Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the processing and the nature of the Personal Data on the Internet.
- Access: As described in our section, “What are your rights in relation to your Personal Data?,” you have the right to access your Personal Data and to correct, amend, or delete it if it is inaccurate or has been processed in violation of the Privacy Shield Principles (except when the burden or expense of providing access, correction, amendment, or deletion would be disproportionate to the risks to your privacy, or where the rights of other people would be violated). To exercise any of these rights, you can email us at email@example.com.
- Recourse, Enforcement, and Liability: As noted above, our participation in the EU-U.S. and Swiss-U.S. Privacy Shield Framework is subject to investigation and enforcement by the Federal Trade Commission. Our above section, “How can you launch a complaint if you’re unhappy with the way in which we collect or process your Personal Data?,” gives you all of the information you need to know about the recourse mechanisms you have about the way we process your Personal Data.
Because the Privacy Shield Principles are very important to us, and we want to remain certified, we periodically review and verify our compliance with the Privacy Shield Principles. In case any issues arise with our compliance, we’re committed to correcting them as soon as we can.