General Data Protection Regulation Policy
Last updated: May 2018
WHAT DATA WE COLLECT
Lisa A. Graziano’s, M.A., LMFT website users voluntarily provide me with data, including data that can be used to identify, either directly or indirectly, an individual (“Personal Data”) when they access our website (“Websites”).
Data Provided by Users.
Name, address, email, telephone number (collectively "Account Information")
Information submitted as a result of completing forms on my Website, commenting on or downloading information from my Website
Customer content stored, processed, maintained or transmitted using my Website
File system information such as stored file folder names, file extensions, file sizes, and the configuration of any device registered for use in connection with the Services
Technical information as a result of configuring Services, including IP addresses, browser-type, device-type, internet service provider, referring or exiting pages, operating system, date and time stamp or clickstream data
Any other information shared with me directly or indirectly through the Website
Aggregate Information. I do not use, process, transfer and store user data in an aggregated manner.
Automated Decisions. I do not collect data in an automated manner and do not make and use automated decisions about customers.
WHY WE USE DATA
I process data, including Personal Data, for a variety of purposes, such as:
Where necessary to comply with law
Where the processing is necessary for the performance of a contract, e.g., to facilitate backing-up and restoring data, for archiving purposes, or to provide technical support
Where the processing is necessary for the purposes of our legitimate interests, taking into account individual interests. Our legitimate interests include providing Services, internal record-keeping and administrative purposes and to operate, maintain and improve the Website
I use certain automatic data collection technologies such as cookies, web beacons, pixel tags and other technologies to collect data, including Personal Data, when users visit the Website, use the Services or interact with us. I do not share this data with any third-party marketing vendors (including for example, advertising networks and providers of external services like web traffic analysis services and analytics tools). We explain these technologies below.
Cookies. Cookies are small text files placed on a computer by a web server when browsing online and are used to store user preference data so that a web server doesn't have to repeatedly request this information. A user may block cookies by activating the settings on the browser that blocks all or some cookies. However, if a user blocks all cookies (including strictly necessary cookies), a user may not be able to access all or parts of my Website. I use some or all of the following cookies:
Strictly Necessary Cookies. These cookies are required for the operation of my Website. They include, for example, cookies that enable a user to log-in to secure areas of my Website.
Analytical and Performance Cookies. These cookies allow me to recognize and count the number of users visiting my Website and see how those users navigate my Website. This helps us to improve my Websites.
Functionality Cookies. These cookies recognize a user that returns to my Website. This enables us to personalize our content, greet the user by name and remember preferences, for example, choice of language or region.
Targeting Cookies. These cookies record visits to my Website and the links followed. We use this information to improve my Website.
Web Beacons. A web beacon is a small pixel incorporated into a web page or email to keep track of activity on the page or email. A web beacon helps better manage the content of Websites by informing what content is effective.
Cross-device Tracking. I may use third-party cross-device tracking. For example, a user may use multiple browsers on a single device, or use various devices, which can result in the user having multiple accounts or profiles across various devices. Cross-device tracking may be used to connect these various accounts or profiles and the corresponding data from different devices.
GLOBAL DATA MANAGEMENT
Data collected by me will not be transferred or accessed by any other organization including those inside the U.S. and those in the European Economic Area (“EEA”).
WHEN AND WHY WE SHARE YOUR PERSONAL DATA
I do not and will not sell Personal Data to marketers or other vendors.
I may share data, including Personal Data, in the following circumstances:
Service Providers. I may share data, including Personal Data, with our contracted third-party service providers in order to provide and improve my Services and Website. These third-parties include affiliates and subsidiaries, business partners, payment and delivery services, analytics providers, data storage and hosting partners, IT specialists and product developers.
Legal Purposes. I may share data, including Personal Data, as necessary to comply with applicable law, court orders, governmental agencies, for the administration of justice, to protect vital interests, to protect the security or integrity of my Services, Website, or to take precautions against legal liability.
Sale. In the event of a sale of my business I may share data, including Personal Data. Users acknowledge and agree that data, including encrypted stored data and Personal Data that I have collected, may be securely shared, disclosed and transferred to such assignee.
RETENTION OF DATA
I may retain data, including Personal Data, for as long as necessary to deliver Services or as needed for other lawful purposes. I do not retain anonymized or pseudonymized, aggregated data.
Subject to applicable data protection laws, users have the following rights with respect to my handling of Personal Data:
Access. The right to access Personal Data held by Lisa A. Graziano, M.A., LMFT.
Opt-Out. The right to object to certain processing of Personal Data (unless I have overriding compelling grounds to continue processing), including the right to opt-out of receiving any material. I will, however, continue to use Personal Data for the limited purpose of communicating important notices relating to Services or policies, and other reasons permitted by law.
Rectification. The right to request correction of Personal Data that is incomplete, incorrect, unnecessary or outdated.
Right to be Forgotten. The right to request erasure of all Personal Data that is incomplete, incorrect, unnecessary or outdated within a reasonable period of time. I will do everything possible to erase Personal Data if a user so requests. However, I will not be able to erase all Personal Data if it is technically impossible due to limitations of existing technology or for legal reasons, such as I am mandated by applicable law to retain Personal Data.
Restriction of Processing. The right to request restriction of processing Personal Data for certain reasons, such as the inaccuracy of Personal Data.
Data Portability. If requested, I will provide Personal Data in a structured, secure, commonly used and machine-readable format.
Right to Withdraw Consent. If Personal Data is processed solely based on consent, and not based on any other legal basis, users can withdraw consent at any time.
Data Protection Contact. The right to contact the relevant data protection regulator regarding my handling of Personal Data.
To exercise any of the above listed rights, email me at LisaGrazianoLMFT@gmail.com or (310)764-8011 or mail to Lisa A. Graziano, M.A., LMFT, 514 N. Prospect Avenue, Suite 111 Lower Level, Redondo Beach, CA 90277. I will process requests in accordance with applicable law and within a reasonable period of time.