Leaf

Privacy Policy

I. INTRODUCTION

At Trestle Therapy Group, PLLC (“Trestle” or “we”), your privacy is very important to us. Accordingly, we have developed this Privacy Policy in order to help protect information of users (“you”) and to aid you in understanding how we collect, process, communicate, disclose, and make use of the Personal Data that you provide to us. Trestle is committed to this Privacy Policy and will only use your Personal Data where this Privacy Policy or the law allows. This Privacy Policy describes the types of information we may collect from you when you access, use, or visit trestletherapy.com (the “Website”); the ways in which we may collect such information; and how we may store, maintain, use, process, disclose, and protect such information. This Privacy Policy applies to information collected on or via the Website, or via email, text, or other electronic message between you and the Website. This Privacy Policy does not apply to information collected through other means, including without limitation, information collected offline or through other websites operated by us, our affiliates, or third parties, even if such other websites are linked to or accessible from the Website

Trestle kindly asks that you read this Privacy Policy carefully so that you may understand our practices concerning your information and how we will treat it. If after reading this Privacy Policy you do not agree with it, then DO NOT proceed to use, access, or visit the Website. By using, accessing, or visiting the Website, you indicate your agreement with and acceptance of this Privacy Policy.

As a preliminary matter, Trestle has implemented the appropriate technical and organizational measures to maintain a level of appropriate security to the data that you provide to us. Moreover, Trestle only allows the individuals who need access to this information to have access to this data and will not process it unless allowed by this Privacy Policy or the applicable law. Trestle is the controller and responsible for the data on the Website.

Trestle last updated this Privacy Policy on December 1st, 2022. Trestle reserves the right to change this Privacy Policy from time to time without notice to you. Accordingly, you should check this Privacy Policy regularly for any such updates. Your continued use of or access to the Website after any such changes are made indicates your agreement to and acceptance of them. You can obtain historic versions of this Privacy Policy by contacting Trestle at the email address or mail address provided below.

It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your relationship with us.

A. Privacy Policy Contact

Under this Privacy Policy, you may have certain rights to review, correct, or delete any Personal Data that you have provided to Trestle via the Website. To do so, or if you have any other questions in relation to this Privacy Policy or your Personal Data, please contact us via e-mail at maureen@trestletherapy.com or via regular mail at President, Maureen Cooney and 4560 W 103rd St, Oak Lawn, IL 60453.

B. Third Party Links and Link to External Sites

The Website may contain links to external sites that are not operated or controlled by Trestle, and this Privacy Policy does not govern or apply to any such third-party site. If you click on a third-party link, you will be directed to that third party’s website, where this Privacy Policy does not govern or apply. We strongly advise you to review the privacy policy and terms and conditions for any such third-party websites, and for every website you visit. We have no control over, and assume no responsibility or liability of any kind for the content, privacy policies, or practices of any third-party websites, products, or services.

C. Protecting Children’s Privacy

While Trestle respects everyone’s privacy, we especially respect the privacy of children, and our Policy is intended to adhere to the Children’s Online Privacy Protection Act (COPPA). Our Website is not directed or targeted to, or intended for use by, children or persons under the age of 13, and we do not knowingly collect Personal Data from children or persons under the age of 13. Notwithstanding the foregoing, we realize that a child or person under the age of 13 may attempt to access or use our Website. If you are a parent or guardian and believe that your child is accessing or using our Website, please contact us at maureen@trestletherapy.com or via regular mail at President, Maureen Cooney and 4560 W 103rd St, Oak Lawn, IL 60453, and we will delete his/her information within a reasonable period of time. Please note that, before we remove any information, we may ask for proof of identification to prevent malicious removal of account information. You acknowledge and agree that we do not and cannot verify the age of users, and we shall have no liability for not doing so.

II. DEFINITIONS

For the purposes of this Privacy Policy, Trestle defines the following terms:

“Comply with a legal or regulatory obligation” means processing your Personal Data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.

“Consent” means the express permission that you have provided to Trestle to collect your Personal Data for the business purposes stated herein and subject to the limitations that you provide.

“External Third Parties” means service providers, such IT and system administration services, and professional advisers, such as lawyers, bankers, auditors and insurers, who provide consulting, banking, legal, insurance, and accounting services to or on behalf of Trestle.

“Internal Third Parties” means subsidiaries of Trestle which provide other essential services, such as IT and system administration services or which undertake leadership reporting.

“Legitimate Interest” means the interest of our business in conducting and managing our business to enable us to give you the best product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your Personal Data for our legitimate interests. We do not use your Personal Data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.

“Personal Data” includes any information that can be used to directly or indirectly identify an individual, including, but not limited to, the identification of IP addresses, name, identification number, location data, online identifiers, and/or other information defined by law, statute, or regulation as “Personal Data.”

III. TYPES OF PERSONAL DATA WE COLLECT

Trestle may collect, process, store and transfer different kinds of Personal Data about you:

  • Contact Data including your mailing address, email address, and telephone numbers;
  • Identity Data including your first name, last name, and date of birth;
  • Marketing and Communications Data including your preferences in receiving marketing information and communications from us;
  • Profile Data including your user name, your password, and any preferences which you set in any user profile;
  • Technical Data including internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our websites; and
  • Usage Data including information about how you use the Website, your on-line activities, other traffic data, and information about products or services you viewed, but did not decide to purchase.

Trestle may also collect, process, store, and use Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your Personal Data, but is not considered Personal Data under the law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific feature of the Website. However, if we combine or connect Aggregated Data with your Personal Data so that it can directly or indirectly identify you, we will treat the combined data as Personal Data in accordance with this Privacy Policy.

IV. METHODS OF COLLECTING PERSONAL DATA

Trestle may utilize two types of methods to collect Personal Data from you and about you. Any Personal Data which Trestle collects through either method is subject to this Privacy Policy.

The first method is direct interactions. In a direct interaction, you provide us with Contact Data, Identity Data, Marketing and Communications Data, or Profile Data by completing forms on the Website; by contacting us by phone, email, or otherwise; or by utilizing the Website. For example, you may knowingly give us your information when you complete and submit forms on the Website (such as our “Contact Us” page), when you register with the Website, enter a contest or promotion on the Website, report a problem with the Website, or email or otherwise message us via the Website. By providing your Personal Data, you voluntarily Consent to its use and processing for the purpose for which you provided such Personal Data. Your provision of the foregoing information is voluntary; however, you may need to provide certain information (such as an email address, for instance), in order to access or use certain Website features, and such features will not be available to you if you do not provide such information.

The second method is automated technologies or interactions. As you interact with our websites, Trestle may automatically collect Technical Data or Usage Data. We collect this personal data by using cookies, server logs, and other similar technologies. For information concerning our use of cookies, please see below.

V. HOW WE USE YOUR PERSONAL DATA

Trestle will only use your Personal Data when the law allows us to do so. Typically, we will only use your Personal Data:

  • Where it is necessary for our legitimate interests (or those of an Internal Third Party or an External Third Party as defined above) and your interests and fundamental rights do not override those interests;
  • Where we need to comply with a legal or regulatory obligation; or
  • Where you have provided us with consent.

Please consider and balance any potential impact on you (both positive and negative) before consenting to our processing of your Personal Data.

A. Legitimate Interests

Trestle may process the Personal Data described below for the following legitimate interests, where appropriate. Please note that we may process your Personal Data for more than one lawful ground depending on the specific purpose for which we are using your data.

  1. To manage our relationship with you, including notifying you about changes to our Privacy Policy, we may process your Contact Data, Identity Data, Marketing and Communications Data, or Profile Data;
  2. To administer and protect our business and its websites, including troubleshooting, data analysis, testing system, maintenance, support, Website improvement, and reporting and hosting of data, we may process your Contact Data, Identity Data, Profile Data, Technical Data, or Usage Data;
  3. To deliver relevant website content and advertisements to you, we may process your Contact Data, Identity Data, Marketing and Communications Data, Profile Data, Technical Data, or Usage Data;
  4. To facilitate a request for information you may request or to inform you of changes to our offerings, we may process your Contact Data, Identity Data, Marketing and Communications Data, or Profile Data;
  5. To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, we may process your Contact Data, Identity Data, or Profile Data; and
  6. To fulfill any purpose for which you provide Personal Data, including, without limitation, addressing your concerns, comments, inquiries, or complaints, we may process your Contact Data, Identity Data, Marketing and Communications Data, and Profile Data.

Please contact Trestle at the email address or mail address provided at the beginning of this Privacy Policy to request any addition information about these Legitimate Interests.

B. Consent

In order to provide services and communicate, the Website allows you to affirmatively provide Personal Data through on-line forms. By providing your Personal Data, you voluntarily consent to its processing for the purpose for which you provided said Personal Data. Trestle will not sell, distribute, or lease your Personal Data to third parties unless we obtain your prior consent.

Trestle will document your consent to the collection of your Personal Data. You have the right to withdraw this consent, as detailed below.

If you have provided us with consent, Trestle will only use the Personal Data in connection with the reasonable scope of that consent. If Trestle intends to use that information outside the scope of your consent, it will notify you to obtain such additional consent.

Please consider and balance any potential impact on you (both positive and negative) before consenting to our processing of your Personal Data.

C. Cookies and Web Beacons

Trestle employs technologies to autonomically collect Technical Data and Usage Data to help us analyze the Website’s traffic for statistical analysis purposes and to assist us in better serving our customers’ needs. Cookies and web beacons allow us to provide our customers with a better website, and in no way gives us access to your computer or any Personal Data, other than the data that you share with us.

A cookie is a small file placed on the hard drive of your computer. You may change your browser settings to not allow for cookies. If you do so, then you will still be able to visit parts of the Website, but you may not be able to use the Website to its full potential.

Pages of the Website may contain small electronic files known as web beacons, which permit us, for instance, to count users who have visited such pages, or to gather other, similar Website statistics.

D. No Automated Process for Profiling

Trestle does not use or employ any automated processes for profiling based on its collection of your Personal Data.

E. Do Not Track

Please note that because there is no consistent industry understanding of how to respond to “Do Not Track” signals, Trestle does not alter our data collection and usage practices when we detect such a signal from your browser.

F. Google Analytics

The Website uses Google Analytics. Google Analytics is a web analytics service. Web analysis is the gathering, collection, and analysis of data about the behavior of visitors to websites. Among other things, a web analysis service collects data on which website a user has come to a website from (so-called referrers), which subpages of a website were accessed or how often, and for what period of time a subpage was viewed. A web analysis is mainly used to optimize a website and for the cost-benefit analysis of Internet advertising.

Google Analytics uses cookies. The information generated by the cookie about your use of this Website is usually transmitted to a Google server in the USA and stored there. Google might transfer the Personal Data collected via this technical procedure to third parties.

We have activated the IP anonymization feature on this Website. Your IP address will be shortened by Google within the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases is the full IP address sent to a Google server in the US and shortened there. Google will use this information on behalf of Trestle to evaluate your use of the Website, to compile reports on Website activity, and to provide other services regarding Website activity and Internet usage for Trestle. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.

In addition, the Website uses the Analytics feature User ID to track interaction data. This User ID will be additionally anonymized and encrypted and will not be linked with other data.

You can prevent the storage of cookies by a corresponding setting of your browser software; however, please note that if you do this, you may not be able to use all the features of this Website to the fullest extent possible.

In addition, you may prevent the collection of the data generated by the cookie and related to your use of this Website (including your IP address) by Google as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en. If a cookie has already been set by Google Analytics, then it can be deleted at any time via the Internet browser or other software programs.

Further information and Google‘s applicable privacy policies can be found at https://policies.google.com/privacy?hl=en.

G. Google Tag Manager

The Website also uses Google Tag Manager. Through this service, Trestle can manage “website tags” centrally via an interface. Google Tag Manager only implements tags. No cookies are used and no Personal Data is collected. If tags have been deactivated at the domain or cookie level, then this deactivation will remain in effect for all tracking tags as far as they are implemented with the Google Tag Manager.

Further information and Google‘s applicable privacy policies can be found at https://policies.google.com/privacy?hl=en.

VI. DISCLOSURES OF YOUR PERSONAL DATA

Trestle may disclose Aggregated Data that does not identify your Personal Data, without restriction.

Trestle may disclose your Personal Data to Internal Third Parties and External Third Parties that are bound by contractual obligations to keep Personal Data confidential and to use it only for the business purpose for which we disclose it to them as defined in the Legitimate Interests outlined above. Trestle may also disclose your Personal Data to Internal Third Parties or External Third Parties to fulfill the purpose for which you provided the Personal Data or for any purpose for which you have provided Consent.

Trestle reserves the right to disclose your Personal Data to third parties to which we may choose to sell, transfer, or merge parts of our business or our assets. If a change happens to our business, then the new owners may use your Personal Data in the same way as set out in this Privacy Policy.

Trestle will not sell, distribute, or lease your Personal Data to third parties without your prior consent where the only basis for processing that Personal Data was your consent. Moreover, Trestle will disclose your Personal Data where required to do so by the laws of the applicable jurisdiction.

VII. DATA SECURITY

Trestle has implemented and maintains appropriate security measures to prevent your Personal Data from being accidentally lost, processed, or accessed in an unauthorized way, or altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors Internal Third Parties, and External Third Parties who have a legitimate business need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.

Trestle has procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Notwithstanding the foregoing, please be aware that no security measures are perfect or impenetrable; therefore, Trestle cannot and does not guarantee that your information, including without limitation your Personal Data, is absolutely secure and will not be viewed or accessed by others.

VIII. RETENTION AND DELETION OF PERSONAL DATA

Trestle will not retain Personal Data for any period of time longer than to fulfill the purpose for which the information was obtained, or as dictated by any applicable law, statute, or regulation, not to exceed 5 years. In determining the appropriate retention period for Personal Data, Trestle considers the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of the Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal, accounting, and reporting requirements.

IX. RIGHTS AS TO PERSONAL DATA

Trestle affords all users the following rights as to their Personal Data. If you are a resident of California, the California Consumer Privacy Act of 2018 (“CCPA”) may provide you with rights that may overlap these rights already given to you under this Privacy Policy.

A. Right to Know and Data Portability

You have the right to request that Trestle disclose certain information to you about our collection and use of your Personal Data over the past 12 months. Once we receive and confirm your identity, we will disclose to you, as requested and verified:

  1. The categories of Personal Data we collected about you;
  2. The categories of sources for the Personal Data we collected about you;
  3. Our business or commercial purpose for collecting or selling that Personal Data;
  4. The categories of third parties with whom we share that Personal Data;
  5. The specific pieces of Personal Data we collected about you (also called a data portability request); and
  6. If we sold or disclosed your Personal Data for a business purpose, two separate lists disclosing:
    • sales, identifying the Personal Data categories that each category of recipient purchased; and
    • disclosures for a business purpose, identifying the Personal Data categories that each category of recipient obtained.

B. Right to Delete

You have the right to request that Trestle delete any of your Personal Data that we collected from you and retained, subject to certain exceptions. Once we receive your request and confirm your identity, we will delete (and direct our service providers to delete) your Personal Data from our records, unless an exception applies, such as:

  1. To complete the transaction for which we collected the Personal Data, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
  2. To detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
  3. To debug products to identify and repair errors that impair existing intended functionality;
  4. To exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law;
  5. To comply with any applicable statute, including California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.);
  6. To engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent;
  7. To enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
  8. To comply with a legal obligation; or
  9. To make other internal and lawful uses of that information that are compatible with the context in which you provided it.

C. Exercising Rights to Know, Data Portability, or Delete

To exercise your rights to know, data portability, or delete described above, please contact us through the email address or the mail address provided at the beginning of the Privacy Policy.

If you are a California resident, only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your Personal Data. You may also make a verifiable consumer request on behalf of your minor child. You may only submit a request to know twice within a 12-month period.

Your request to know or delete must: (1) provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Data or an authorized representative and (2) describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

Trestle cannot respond to your request or provide you with Personal Data if we cannot verify your identity or authority to make the request and confirm the Personal Data relates to you. Trestle will only use Personal Data provided in the request to verify the requestor’s identity or authority to make the request.

Trestle will confirm receipt of your request within 10 business days. Trestle will further endeavor to substantively respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to another 45 days), we will inform you of the reason and extension period in writing.

If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.

Any disclosures Trestle provides will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Data that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance, specifically by electronic mail communication.

Trestle does not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, then we will tell you why we made that decision and provide you with a cost estimate before completing your request.

If Trestle is unable to verify your identity to the applicable standard, we will treat your request to delete as a request to opt-out of the sale of the Personal Data that you provided as part of processing the request to delete. Please see the section below for a description of the right to opt-out of the sale of Personal Data.

D. Personal Data Sales Opt-Out and Opt-In Rights

If you are age 16 or older, you have the right to direct Trestle to not sell your Personal Data at any time (the “right to opt-out”). We do not sell the Personal Data of users we actually know are less than 16 years old, unless we receive affirmative authorization (the “right to opt-in”) from either the user who is between 13 and 15 years old, or the parent or guardian of a user less than 13 years old. Consumers who opt-in to Personal Data sales may opt-out of future sales at any time. To exercise the right to opt-out, you (or your authorized representative) may submit a request to us by visiting the following link: ADD LINK or by contacting us through the email address or the mail address provided at the beginning of the Privacy Policy. Once you make an opt-out request, Trestle will wait at least 12 months before asking you to reauthorize Personal Data sales. However, you may change your mind and opt back in to Personal Data sales at any time by contacting us through the email address or the mail address provided at the beginning of the Privacy Policy.

Trestle will endeavor to respond within 15 days from the date that you submit the opt-out of sale request. Neither this Privacy Policy nor the CCPA requires that we verify the identity of individuals who submit requests to opt-out of sales. However, we may deny the request if we have a good-faith, reasonable, and documented belief that the request is fraudulent. If we deny the request on this basis, we will notify the requesting party and provide an explanation why we believe the request is fraudulent.

E. Non-Discrimination

Trestle will not discriminate against you for exercising any these rights as well as the enumerated rights California residents may have under the CCPA. Unless permitted by applicable law, including the CCPA for California residents, we will not:

  1. Deny you goods or services.
  2. Charge you different prices or rates for products, including through granting discounts or other benefits, or imposing penalties;
  3. Provide you a different level or quality of goods or services; or
  4. Suggest that you may receive a different price or rate for products or a different level or quality of products.

However, we may offer you certain financial incentives permitted by law, including the CCPA for California residents, that can result in different prices, rates, or quality levels. Any permitted financial incentive we offer will reasonably relate to your Personal Data’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.

California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of the Website that are California residents to request certain information regarding our disclosure of Personal Data to third parties for their direct marketing purposes. To make such a request, please contact us through the email address or the mail address provided at the beginning of the Privacy Policy.

X. APPLICABILITY OF THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (“HIPAA”)

While Trestle has implemented and maintains appropriate security measures to protect your Personal Data, users should thoroughly consider the implications of sharing medical information with Trestle. Such medical information could include, but is not limited to, information regarding sexually transmitted diseases, AIDS/HIV, mental health, developmental disability, or substance abuse. Any medical information that you provide is done so voluntarily and with the understanding that HIPAA will not apply to that disclosure or Trestle’s use of that provided data.

XI. FURTHER INFORMATION

For further information concerning your Personal Data or this Privacy Policy, please contact the email address or the mail address provided at the beginning of the Privacy Policy.

Leaf