Serenity Malibu is committed to safeguarding your privacy. Contact us at firstname.lastname@example.org if you have any questions or problems regarding the use of your Personal Data and we will gladly assist you.
Table of Contents
- Definitions used in this Policy
- Data protection principles we follow
- What rights do you have regarding your Personal Data
- What Personal Data we gather about you
- How we use your Personal Data
- Who else has access to your Personal Data
- How we secure your data
- Information about cookies
- Contact information
- Protected Health Information (PHI)
Personal Data – any information relating to an identified or identifiable natural person.
Processing – any operation or set of operations which is performed on Personal Data or on sets of Personal Data.
Data subject – a natural person whose Personal Data is being Processed.
Child – a natural person under 16 years of age.
We/us (either capitalized or not) – Serenity Malibu
Data Protection Principles
We promise to follow the following data protection principles:
- Processing is lawful, fair, transparent. Our Processing activities have lawful grounds. We always consider your rights before Processing Personal Data. We will provide you information regarding Processing upon request.
- Processing is limited to the purpose. Our Processing activities fit the purpose for which Personal Data was gathered.
- Processing is done with minimal data. We only gather and Process the minimal amount of Personal Data required for any purpose.
- Processing is limited with a time period. We will not store your personal data for longer than needed.
- We will do our best to ensure the accuracy of data.
- We will do our best to ensure the integrity and confidentiality of data.
Data Subject’s rights
The Data Subject has the following rights:
- Right to information – meaning you have the right to know whether your Personal Data is being processed; what data is gathered, from where it is obtained and why and by whom it is processed.
- Right to access – meaning you have the right to access the data collected from/about you. This includes your right to request and obtain a copy of your Personal Data gathered.
- Right to rectification – meaning you have the right to request rectification or erasure of your Personal Data that is inaccurate or incomplete.
- Right to erasure – meaning in certain circumstances you can request for your Personal Data to be erased from our records.
- Right to restrict processing – meaning where certain conditions apply, you have the right to restrict the Processing of your Personal Data.
- Right to object to processing – meaning in certain cases you have the right to object to Processing of your Personal Data, for example in the case of direct marketing.
- Right to object to automated Processing – meaning you have the right to object to automated Processing, including profiling; and not to be subject to a decision based solely on automated Processing. This right you can exercise whenever there is an outcome of the profiling that produces legal effects concerning or significantly affecting you.
- Right to data portability – you have the right to obtain your Personal Data in a machine-readable format or if it is feasible, as a direct transfer from one Processor to another.
- Right to lodge a complaint – in the event that we refuse your request under the Rights of Access, we will provide you with a reason as to why. If you are not satisfied with the way your request has been handled please contact us.
- Right for the help of supervisory authority – meaning you have the right for the help of a supervisory authority and the right for other legal remedies such as claiming damages.
- Right to withdraw consent – you have the right to withdraw any given consent for Processing of your Personal Data.
Data we gather
Information you have provided us with
Serenity Malibu may obtain the following types of information from you or concerning your computer or device (“Information”), which may include information that can be used to identify you as specified below (“Personally Identifiable Information”):
- Email Address
- Mailing Address
- Telephone Number(s)
- Credit Card Information
- Blog or Website URL
- Social Networking Handle or Username
- Demographic Information (e.g., age, gender, interests, and preferences)
- Professional Title
- Activities or Content Viewed on Serenity Malibu’s Website
- Information Collected Automatically (detailed below)
- Information Received from Third Parties (detailed below)
In certain cases, we may request that you provide some of the Information identified above in order to obtain specific products or services. If you choose not to provide the Information we request, you may still use Serenity Malibu’s website, but you may be unable to access certain features or services.
When you register to receive any products or services from Serenity Malibu or provide information to Serenity Malibu in any other manner, you agree to provide only true, accurate, current and complete information.
Information automatically collected about you
Serenity Malibu may automatically receive and log certain types of information when you visit or interact with our websites, services, mobile applications or other products, including:
- Browser Information
- Operating System Information
- Mobile Device Information (e.g., device identifier, mobile operating system, etc.)
- IP Address
- Internet Service Provider
- Content Viewed
- Geographic Location
- Connection Speed
- Time of Visit
- Referring Site, Application, or Service
- Registration Time
Information from our partners
If you choose to use any third party website or service that is integrated with Serenity Malibu, including a third party social networking or blogging site, such as LinkedIn, Facebook, Twitter or WordPress (“Third Party Websites”) – or if you use any Serenity Malibu application provided through any Third Party Website – we may receive Information, including Personally Identifying Information, from such Third Party Websites, including, but not limited to:
- Nickname or Username
- Photo or Graphic Avatar
- Unique Third Party Website Identifier (e.g., Facebook User ID)
- Biographical or Demographic Information (e.g. professional title, gender, college attended, etc.)
- Likes and Interests
- Any Information That Is Publicly Available on Third Party Websites
For example, Serenity Malibu may offer the ability to use certain Third Party Websites to facilitate your registration on the Serenity Malibu website. We may also use information about your profile and connections on Third Party Websites to allow you to share or connect with your friends and contacts on the Serenity Malibu website or to personalize your experience. In addition, the Serenity Malibu website offers “plugins” and “widgets” from various Third Party Websites that allow you to share Serenity Malibu content off of our service, as discussed in “Disclosure of Information to Third Parties”.
Your decision to use, or share with, a Third Party Website when accessing or using Serenity Malibu products and services is completely voluntary. Serenity Malibu is not responsible for compliance with the policies or practices of any Third Party Website. You should ensure that you are comfortable with the information such Third Party Websites may make available to Serenity Malibu by reviewing those Websites’ privacy policies and service terms, and by modifying your privacy settings and preferences on those Services.
Publicly available information
We might gather information about you that is publicly available.
How we use your Personal Data
We use your Personal Data in order to:
- Provide products and services
- Fulfill your requests
- Improve our products and services
- Personalize and tailor your experience on the Serenity Malibu website
- Operate our business
- Understand how users are engaging with the Serenity Malibu website
We use your Personal Data on legitimate grounds and/or with your Consent.
On the grounds of entering into a contract or fulfilling contractual obligations, we Process your Personal Data for the following purposes:
- To identify you for communication purposes
- To provide you a service or to send/offer you a product
- To communicate either for sales or invoicing
On the ground of legitimate interest, we Process your Personal Data for the following purposes:
- To send you personalized offers (from us and/or our carefully selected partners);
- To administer and analyze our client base (purchasing behavior and history) in order to improve the quality, variety, and availability of products/ services offered/provided;
- To conduct questionnaires concerning client satisfaction;
As long as you have not informed us otherwise, we consider offering you products/services that are similar or same to your purchasing history/browsing behavior to be our legitimate interest.
With your consent we Process your Personal Data for the following purposes:
- To send you newsletters and campaign offers (from us and/or our carefully selected partners);
- For other purposes we have asked your consent for;
We Process your Personal Data in order to fulfill obligations arising from law and/or use your Personal Data for options provided by law. We reserve the right to anonymize Personal Data gathered and to use any such data. We will use data outside the scope of this Policy only when it is anonymized. We save your billing information and other information gathered about you for as long as needed for accounting purposes or other obligations deriving from law.
We might process your Personal Data for additional purposes that are not mentioned here, but are compatible with the original purpose for which the data was gathered. To do this, we will ensure that:
- The link between purposes, context and nature of Personal Data is suitable for further Processing;
- The further Processing would not harm your interests and
- There would be appropriate safeguards for Processing.
We will inform you of any further Processing and purposes.
Who else can access your Personal Data
We do not share your Personal Data with strangers. Personal Data about you is in some cases provided to our trusted partners in order to either make providing the service to you possible or to enhance your customer experience.
We only work with partners who are able to ensure an adequate level of protection to your Personal Data. We disclose your Personal Data to third parties or public officials when we are legally obliged to do so. We might disclose your Personal Data to third parties if you have consented to it or if there are other legal grounds for it.
How we secure your data
We do our best to keep your Personal Data safe. We use safe protocols for communication and transferring data (such as HTTPS). We use anonymizing and pseudonymizing where suitable. We monitor our systems for possible vulnerabilities and attacks. Stored data is encrypted when possible.
Even though we try our best, we cannot guarantee the security of information. However, we promise to notify suitable authorities of data breaches. We will also notify you if there is a threat to your rights or interests. We will do everything we reasonably can to prevent security breaches and to assist authorities should any breaches occur.
If you have an account with us, note that you have to keep your username and password secret.
We do not intend to collect or knowingly collect information from children. We do not target children with our services.
Cookies and other technologies we use
A cookie is a tiny text file stored on your computer. Cookies store information that is used to help make sites work. Only we can access the cookies created by our website. You can control your cookies at the browser level. Choosing to disable cookies may hinder your use of certain functions.
- Necessary cookies – these cookies are required for you to be able to use some important features on our website, such as logging in. These cookies don’t collect any personal information.
- Functionality cookies – these cookies provide functionality that makes using our service more convenient and makes providing more personalized features possible. For example, they might remember your name and e-mail in comment forms so you don’t have to re-enter this information next time when commenting.
- Analytics cookies – these cookies are used to track the use and performance of our website and services.
- Advertising cookies – these cookies are used to deliver advertisements that are relevant to you and to your interests. In addition, they are used to limit the number of times you see an advertisement. They are usually placed to the website by advertising networks with the website operator’s permission. These cookies remember that you have visited a website and this information is shared with other organizations such as advertisers. Often targeting or advertising cookies will be linked to site functionality provided by the other organization.
You can remove cookies stored in your computer via your browser settings. Alternatively, you can control some 3rd party cookies by using a privacy enhancement platform such as optout.aboutads.info or youronlinechoices.com. For more information about cookies, visit allaboutcookies.org.
6021 Galahad Dr
Malibu, CA 90265
Protected Health Information (PHI)
Serenity Malibu will be referred to in this Notice of Privacy Practices (“Notice”) as “Facility.” This Notice is given to you by Facility to describe the ways in which Facility may use and disclose your medical information (called “protected health information” or “PHI”) and to notify you of your rights with respect to PHI in the possession of Facility. Facility protects the privacy of PHI, which also is protected from disclosure by state and federal law. In certain circumstances, pursuant to this Notice, resident authorization or applicable laws and regulations, PHI can be used by Facility or disclosed to other parties. Below are categories describing these uses and disclosures, along with some examples to help you better understand each category.
Uses and Disclosures for Treatment, Payment and Health Care Operations
Facility may use or disclose your PHI for the purposes of treatment, payment and health care operations, described in more detail below, without obtaining written authorization from you.
FOR TREATMENT: Facility may use and disclose PHI in the course of providing, coordinating, or managing your medical treatment, including the disclosure of PHI for treatment activities at another healthcare facility. These types of uses and disclosures may take place between physicians, nurses, technicians, students, and other health care professionals who provide you health care services or are otherwise involved in your care. For example, if you are being treated by a primary care physician, that physician may need to use/disclose PHI to a specialist physician whom he or she consults regarding your condition, or to a nurse who is assisting in your care.
FOR PAYMENT: Facility may use and disclose PHI in order to collect payment for the health care services provided to you. For example, Facility may need to give PHI to your health plan in order to be reimbursed for the services provided to you. Facility may also disclose PHI to their business associates, such as billing companies, claims processing companies, and others that assist in processing health claims. Facility may also disclose PHI to other health care providers and health plans for the payment activities of such providers or health plans.
FOR HEALTH CARE OPERATIONS: Facility may use and disclose PHI as part of their operations, including for quality assessment and improvement, such as evaluating the treatment and services you receive and the performance of our staff in caring for you. Other activities include hospital training, underwriting activities, compliance and risk management activities, planning and development, and management and administration. Facility may disclose PHI to doctors, nurses, technicians, students, attorneys, consultants, accountants, and others for review and learning purposes. These disclosures help make sure that Facility is complying with all applicable laws, and is continuing to provide health care to residents at a high level of quality. Facility may also disclose PHI to other health care facilities and plans for certain of their operations, including their quality assessment and improvement activities, credentialing and peer review activities, and health care fraud and abuse detection or compliance, provided that those other facilities and plans have, or have had in the past, a relationship with the resident who is the subject of the information.
FOR SHARING PHI AMONG FACILITY AND PROFESSIONAL STAFF: Facility works together with physicians and other care providers on their professional staff to provide medical services to you when you are a resident at Facility. Facility and members of their respective professional staff will share PHI with each other as needed to perform their treatment, payment and health care operations activities.
OTHER USES AND DISCLOSURES FOR WHICH AUTHORIZATION IS NOT REQUIRED: In addition to using or disclosing PHI for treatment, payment and health care operations, Facility may use and disclose PHI without your written authorization under the following circumstances:
AS REQUIRED BY LAW AND LAW ENFORCEMENT: Facility may use or disclose PHI when required by law. Facility also may disclose PHI when ordered to in a judicial or administrative proceeding, in response to subpoenas or discovery requests, to identify or locate a suspect, fugitive, material witness, or missing person, when dealing with gunshot and other wounds, about criminal conduct, to report a crime, its location or victims, or the identity, description or location of a person who committed a crime, or for other law enforcement purposes.
FOR PUBLIC HEALTH ACTIVITIES AND PUBLIC HEALTH RISKS: Facility may disclose PHI to government officials in charge of collecting information about births and deaths, preventing and controlling disease, reports of child abuse or neglect and of other victims of abuse, neglect, or domestic violence, reactions to medications or product defects or problems, or to notify a person who may have been exposed to a communicable disease or may be at risk of contracting or spreading a disease or condition.
FOR HEALTH OVERSIGHT ACTIVITIES: Facility may disclose PHI to the government for oversight activities authorized by law, such as audits, investigations, inspections, licensure or disciplinary actions, and other proceedings, actions or activities necessary for monitoring the health care system, government programs, and compliance with civil rights laws.
CORONERS, MEDICAL EXAMINERS, AND FUNERAL DIRECTORS: Facility may disclose PHI to coroners, medical examiners, and funeral directors for the purpose of identifying a decedent, determining a cause of death, or otherwise as necessary to enable these parties to carry out their duties consistent with applicable law.
ORGAN, EYE, AND TISSUE DONATION: Facility may release PHI to organ procurement organizations to facilitate organ, eye, and tissue donation and transplantation.
RESEARCH: Under certain circumstances, Facility may use and disclose PHI for medical research purposes.
TO AVOID A SERIOUS THREAT TO HEALTH OR SAFETY: Facility may use and disclose PHI to law enforcement personnel or other appropriate persons, to prevent or lessen a serious threat to the health or safety of a person or the public.
LAWSUITS AND DISPUTES: If you are involved in a lawsuit or a dispute, Facility may disclose health information about you in response to a court or administrative order.
SPECIALIZED GOVERNMENT FUNCTIONS: Facility may use and disclose PHI of military personnel and veterans under certain circumstances, and may also disclose PHI to authorized federal officials for intelligence, counterintelligence, and other national security activities, and for the provision of protective services to the President or other authorized persons or foreign heads of state or to conduct special investigations.
WORKERS’ COMPENSATION: Facility may disclose PHI to comply with workers’ compensation or other similar laws that provide benefits for work-related injuries or illnesses.
HEALTH-RELATED BENEFITS AND SERVICES; LIMITED MARKETING ACTIVITIES: Facility may use and disclose PHI to inform you of treatment alternatives or other health-related benefits and services that may be of interest to you, such as disease management programs.
DISASTER RELIEF: Facility may disclose medical information about you to an entity assisting in a disaster relief effort so that your family can be notified about your condition, status and location.
DISCLOSURES TO YOU OR FOR HIPAA COMPLIANCE INVESTIGATIONS: Facility may disclose your PHI to you or to your personal representative, and is required to do so in certain circumstances described below in connection with your rights of access to your PHI and to an accounting of certain disclosures of your PHI. Facility must disclose your PHI to the Secretary of the U.S. Department of Health and Human Services (the “Secretary”) when requested by the Secretary in order to investigate compliance with privacy regulations issued under the federal Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).
Uses and Disclosures to Which You May Object:
You may object to the following uses and disclosures of PHI that Facility may make:
RESIDENT DIRECTORIES: Your information may be included in a resident directory that is available only to those individuals whom you have identified as contacts during your stay at our treatment center. You will receive a unique resident code that can be provided to these contacts.
Other Uses and Disclosures of PHI for Which Authorization Is Required:
Other types of uses and disclosures of your PHI not described above will be made only with your written authorization, which you have the limited right to revoke in writing.
REGULATORY REQUIREMENTS: Facility is required by law to maintain the privacy of your PHI, to provide individuals with notice of their legal duties and privacy practices with respect to PHI, and to abide by the terms described in this Notice. Facility reserves the right to change the terms of this Notice and of its privacy policies, and to make the new terms applicable to all of the PHI it maintains. Before Facility makes an important change to its privacy policies, it will promptly revise this Notice and post a new Notice in registration and admitting areas. You have the following rights regarding your PHI:
You may request the Facility restrict the use and disclosure of your PHI. Facility is not required to agree to any restrictions you request, but if the entity does so it will be bound by the restrictions to which it agrees except in emergency situations.
You have the right to request that communications of PHI to you from Facility be made by particular means or at particular locations. For instance, you might request that communications be made at your work address, or by e-mail rather than regular mail. Your requests must be in writing and sent to the Privacy Officer. Facility will accommodate your reasonable requests without requiring you to provide a reason.
Generally, you have the right to inspect and copy your PHI in the possession of Facility if you make a request in writing to the Facility’s Medical Records Department. Within thirty (30) days of receiving your request (unless extended by an additional thirty (30) days), Facility will inform you of the extent to which your request has or has not been granted. In some cases, Facility may provide you a summary of the PHI you request if you agree in advance to such a summary and any associated fees. If you request copies of your PHI or agree to a summary of your PHI, Facility may impose a reasonable fee to cover copying, postage, and related costs. If Facility denies access to your PHI, it will explain the basis for denial and your opportunity to have the denial reviewed by a licensed health care professional (not involved in the initial denial decision) designated as a reviewing official. If Facility does not maintain the PHI you request, if it knows where that PHI is located it will tell you how to redirect your request.
If you believe that your PHI maintained by Facility contains an error or needs to be updated, you have the right to request that the entity correct or supplement your PHI. Your request must be made in writing to the local Medical Records Department and it must explain why you are requesting an amendment to your PHI. Within sixty (60) days of receiving your request (unless extended by an additional thirty (30) days), Facility will inform you of the extent to which your request has or has not been granted. Facility generally can deny your request if your request relates to PHI: (i) not created by Facility; (ii) that is not part of the records Facility maintains; (iii) that is not subject to being inspected by you; or (iv) that is accurate and complete. If your request is denied, Facility will give you a written denial that explains the reason for the denial and your rights to: (i) file a statement disagreeing with the denial; (ii) submit a request that any future disclosures of the relevant PHI be made with a copy of your request and Facility’s denial attached, if you do not file a statement of disagreement; and (iii) complain about the denial.
You generally have the right to request and receive a list of disclosures of your PHI Facility has made during the six (6) years prior to your request (but not before April 14, 2003). The list will not include disclosures (i) for which you have provided a written authorization; (ii) for treatment, payment, and health care operations; (iii) made to you; (iv) for a Facility resident directory or to persons involved in your health care; (v) for national security or intelligence purposes; (vi) to correctional institutions or law enforcement officials; or (vii) of a limited data set. You should submit any such request to the Privacy Officer, and within sixty (60) days of receiving your request (unless extended by an additional thirty (30) days), Facility will respond to you regarding the status of your request. The entity will provide the list to you at no charge, but if you make more than one request in a year you will be charged $25.00 for each additional request.
You have the right to receive PHI in an electronic format, if electronic medical records are in use in the facility.
You have the right to receive a paper copy of this notice upon request even if you have agreed to receive this notice electronically. To obtain a paper copy of this notice, please contact the Privacy Officer (Contact information below).
You have the right to receive notice in the event of a breach of confidentiality.
You have the right to opt out of all communications from our company, including fundraising; call 1-866-780-8539.
You have the right to restrict disclosures of PHI to health plans if you have paid for services out of pocket in full.
CHANGES TO THIS NOTICE: We reserve the right to change this notice and make the new notice apply to Health Information we already have as well as any information we receive in the future. We will post a copy of the new notice on our website. The notice will contain the effective date on the second page, in the bottom right-hand corner.
You may complain to Facility if you believe your privacy rights with respect to your PHI have been violated by contacting Facility’s Privacy Officer and submitting a written complaint. To reach the Facility for any reason associated with this Notice, please write or call:
32223 Pacific Coast Highway
Malibu, CA 90265
Tel: (866) 780-8539
Facility will not penalize you or retaliate against you for filing a complaint regarding their privacy practices. You also have the right to file a complaint with the Secretary of the Department of Health and Human Services at 200 Independence Avenue, S.E., Washington, DC
Last modification was made 10/04/2018.