State Privacy Notice

Effective Date: January 1, 2023

Evolve Growth Initiatives, LLC, and its affiliated companies (collectively “Evolve,” “we,” “us,” “our” or “Company”) created this “Privacy Policy” to help you become familiar with how we collect, use, disclose, share, and protect Personal information (defined below) and otherwise comply with applicable consumer privacy laws, including the choices we offer with respect to your Personal Information. We encourage you to read this Privacy Policy in full before using Evolvetreatment.com, any other website (collectively, the “Website” or “Websites”), or any other online service that posts a link to this Privacy Policy, opening our e-mails or otherwise submitting Personal Information to us (collectively, the “Service” or our “Services”). However, please note that the HIPAA Privacy Notice in Section 1(a) applies to all Protected Health Information regardless of the methodology by which the protected health information is collected or received.  Should you have any questions or requests, see the section titled “Contact Us” below for further contact information. 

Your State Privacy Rights:  Residents of California and Nevada have certain privacy rights detailed here. To the extent there is a conflict between this Privacy Policy and the State Privacy Notice section, the State Privacy Notice section will control.

Your HIPAA Privacy Rights: Certain information that you, your parent, guardian, or custodian provides or we obtain about you may be covered by the Health Insurance Portability and Accountability Act (“HIPAA”), 42 CFR Part 2 (“Part 2”), and the California Confidentiality of Medical Information Act (“CMIA”). For more information regarding your HIPAA and CMIA privacy rights, please see our HIPAA Privacy Notice. To the extent there is a conflict between this Privacy Policy or the State Privacy Notice section, and the HIPAA Privacy Notice, the HIPAA Privacy Notice section will control.

Non-Applicability, Human Resources:  This Privacy Policy does not apply to our job applicants, current employees, former employees, or independent contractors (“Personnel”), except when they use our Websites and with respect to the “Your State Privacy Rights” section at 10.C, however, our California Personnel may obtain a separate privacy notice located here or by contacting our human resources department at hrprivacy@evolvetreatment.com or 1-844-312-7376. This Notice also does not apply to Company’s processing as a service provider.

1. Information We Collect

a. HIPAA Privacy Notice

We are required by law to maintain the privacy of your health-related data and we will not disclose your information except in accordance with state and federal law, including HIPAA, Part 2, and the CMIA. This HIPAA Privacy Notice combines our Notice of Privacy Practices under HIPAA and Patient Notice under Part 2, and any other notices that may required by the CMIA.

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION, INCLUDING PROTECTED HEALTH INFORMATION (collectively, “PHI”), ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

At Evolve, we understand the importance of privacy and are committed to maintaining the confidentiality of your PHI. We make a record of the services we provide and sometimes we may receive PHI about you from third parties, such as your primary care provider or emergency provider, for permissible uses and disclosures under HIPAA, for purposes of healthcare-related treatment, payment, or operations, or as otherwise permitted by HIPAA to provide quality services to you and to transmit to other providers to assist with continuity of care. These records are also used to obtain payment for services provided to you which enables us to meet our professional and legal obligations to operate our organization. Otherwise, we will not use or disclose your PHI without your prior written authorization for any other permissible purposes under HIPAA outside of healthcare treatment, payment, or operations.

This HIPAA Privacy Notice is to provide you with information concerning our legal duties and privacy practices, including notifying affected individuals following a breach of unsecured PHI.

i. How we may use and disclose your PHI:

We may use and disclose your information to qualified service organizations or business associates who provide services to us for purposes of healthcare-related treatment, payment, or operations. We will always try to ensure that the medical information used or disclosed is limited to a “Designated Record Set” and to the “Minimum Necessary” standard, including a “limited data set,” as defined in HIPAA.

ii. Other Permitted Uses & Disclosures of Your PHI

We are required to disclose your PHI to the U.S. Department of Health and Human Services, Office for Civil Rights, the primary federal agency that enforces HIPAA, to assist OCR with assessing our compliance with HIPAA requirements. Otherwise, we may also use and disclose your PHI for the following purposes:

Uses and disclosures other than those described or listed in this notice will be made only with your consent or prior written authorization, as reasonable and appropriate, and in accordance with legal requirements. You may revoke any consent or authorization you provided at any time, subject to certain conditions such as if we have already taken action in reliance on your consent or authorization, and pursuant to then-existing state and federal laws.

iii. Your HIPAA Rights:

Under HIPAA, you have certain rights with respect to your PHI. Subject to certain exceptions, you have the following rights with respect to your PHI.

To make any requests connected with your rights, please email us at privacy@evolvetreatment.com.

iv. Our Duties.

In the event your information is acquired by an unauthorized party, we will provide notification to you.

Notice will be given without unreasonable delay, and will include a description of the incident, the types of information involved in the incident, steps you should take to protect yourself from harm, and a brief description of what we are doing to investigate the incident. We will also provide you with contact information of who you may contact for more information.

We are required by law to maintain the privacy of PHI, to provide you with this HIPAA Privacy Notice of our legal duties and privacy practices with respect to protected PHI/ePHI, and to notify you if you are affected by a breach of unsecured protected health information. We must follow the duties and privacy practices described in this HIPAA Privacy Notice. We will not use or disclose your PHI other than as described in this HIPAA Privacy Notice unless you inform us in writing otherwise.

v. Changes to this Notice.

We reserve the right to change the terms of our HIPAA Privacy Notice and to make the new HIPAA Privacy Notice provisions effective for all PHI that we maintain. We will send you a copy of the revised notice by email (or, if unavailable, by mail) for existing clients and those who discharged within the past year, and will also post it on our website.

vi. Questions and Complaints. 

You may submit your questions or complaints regarding this HIPAA Privacy Notice to us by contacting our Privacy Information Officer at 1-844-384-6773 or by sending an email to privacy@evolvetreatment.com. You may also submit a complaint the Secretary of the U.S. department of Health and Human Services, Office for Civil Rights if you believe your privacy rights have been violated. Any violation of the legal and regulatory requirements applicable to our status as a Part 2 program is a crime. You may report any suspected violations of Part 2 requirements to the United States Attorney for the judicial district in which the violation occurs by visiting https://www.justice.gov/usao/find-your-united-states-attorney or to the Substance Abuse and Mental Health Services Administration (SAMHSA) office responsible for opioid treatment program oversight by visiting https://www.samhsa.gov/about-us/contact-us.

We will not take retaliatory action against you if you file a complaint about our privacy practices.

b. Website Privacy Policy

Our data practices related to our Website are set forth in this section. If you do not accept these practices, do not visit or otherwise use our Websites.

i. Information About You That You Provide.

In addition to, and separate from, the PHI we may collect in connection with your treatment, Evolve and/or its Service Providers (defined below), may collect certain information from you, your parent(s), guardian(s), or custodian(s) when you use our Website or other Services. We or our Service Providers may collect information that identifies you personally (“Personal Information” or “PI”) directly from you via the Service. For example, Evolve collects information when you contact us via email, phone, or communicate or transact through the Service (for example, by completing the “Contact Us” form on our Website). In some instances, we may need to supplement the information you provided with certain Personal Information about you obtained from third parties to provide services to you. In addition, when you interact with Third-Party Services (defined below), you may be able to provide information to those third parties and those Third Parties, in turn, may provide information to us.

We, our Service Providers and/or Third-Party Services may collect your Personal Information, including:

c. Information Collected Automatically

We, our Service Providers and/or Third-Party Services may also automatically collect certain information about you when you access or use the Services (“Usage Information”). Usage Information may include IP address, device identifier, browser type, operating system, information about your use of the Service, the device you use, the web page you visited before coming to our sites, and identifiers associated with your devices and you (depending on their settings) may also transmit location information to the Service.

The methods that may be used on the Services to collect Usage Information include cookies, web beacons (also known as “tracking pixels”), embedded scripts, location-identifying technologies, device recognition technologies device and activity monitoring and other tracking technologies now and hereafter developed (“Tracking Technologies”) may be used to collect information about interactions with the Website or e-mails, including information about your browsing and purchasing behavior. Such Tracking Technologies may include:

Some information about your use of the Service and certain other online websites may be collected using Tracking Technologies across time and Services and used by us and third parties for purposes such as to associate different devices you use and deliver relevant ads and/or other content to you on the Website and certain other online websites, in accordance with applicable data protection laws. See the Choices: Tracking and Communications Options section.

d. Information We Collect from Other Sources

We may also obtain information about you from other sources, including Service Providers and Third-Party Services. We are not responsible or liable for the accuracy of the information provided by third parties or for third party policies and practices.

e. Limitations

To the extent non-PI, or PI collected outside of the Service or by Third-Party Services, is combined by or on behalf of us with PI we collect directly from you on the Service (“Evolve-Collected PI”), we will treat it in accordance with this Privacy Policy. Notwithstanding the foregoing or anything to the contrary, unless required by applicable law, this Privacy Policy is not intended to limit our activities regarding information that does not personally identify you such that it does not constitute Personal Information, including Personal Information that has been “De-identified” (i.e., the removal or modification of the personally identifiable elements, or the extraction of non-personally identifiable elements), and non-Evolve Collected PI (including third-party-sourced, or non-Service-sourced, information) that is not combined with Evolve Collected PI. We will not attempt to re-identify data that we maintain as de-identified.

2. Why We Collect Information

We may use information about you for any purposes not inconsistent with our statements under this Privacy Policy, or otherwise made by us in writing at the point of collection, and not prohibited by applicable law, including, without limitation, for the following purposes:

3. Disclosing Your Information

Generally, we may disclose information about you for any purpose not inconsistent with our statements under this Privacy Policy, or statements otherwise made by us in writing at the point of collection, and not prohibited by applicable law, including, without limitation:

In addition, we may disclose information about you as follows:

4. Third-Party Content, Third-Party Services, Advertising and Analytics

The Service may include or link to Third-Party Services, apps, locations, platforms, code (e.g., plug-ins, application programming interfaces or other websites (collectively, “Third-Party Service(s)”). These Third-Party Services may use their own cookies, web beacons, and other Tracking Technologies to independently collect information about you and may solicit Personal information from you.

Certain functionalities on the Service permit interactions that you initiate between the Service and Third-Party Services. Examples of such interactions include connecting the Service to a Third-Party Service (e.g., to pull or push information to or from the Service). If you enable such interactions, both we and the third party may have access to certain information about you and your use of the Service and any Third-Party Service.

We may engage and work with Service Providers, Third-Party Services, and other third parties to serve advertisements on the Website and/or on other online websites. Some of these ads may be tailored to your interests based on your browsing of the Website and elsewhere on the Internet, which may include use of precise location and/or cross-device data, sometimes referred to as “interest-based advertising” and “online behavioral advertising” (“Interest-based Advertising”) (where permitted under applicable law), which may include sending you an ad on another online website after you have left the Website (i.e., “retargeting”).

We are not responsible for, and make no representations regarding, the policies or business practices of any third parties, including, without limitation, analytics Service Providers and Third-Party Services associated with the Website, and encourage you to familiarize yourself with and consult their privacy policies and terms of use. Please refer to the Choices: Tracking and Communications Options, Communications section for more on certain choices offered by some third parties regarding their data collection and use, including regarding Interest-based Advertising and analytics.

5. International Transfers

We are based in the U.S. and the information we and our Services collect is governed primarily by U.S. law. If you are accessing the Service from outside of the U.S., please be aware the information collected through the Service may be transferred to, processed, stored, or used in the U.S. Data protection laws in the U.S. may be different from those of your country of residence.

6. Children’s Privacy

Our Website is intended for a general audience. Evolve does not intend to collect personal information as defined by the U.S. Children’s Online Privacy Protection Act (“COPPA”) (“Children’s Personal Information”) in a manner that is not permitted by COPPA. If we obtain knowledge that we have collected Children’s Personal Information in a manner not permitted by COPPA, we will remove such data to the extent required by COPPA.

7. Accessing and Changing Information

To the extent required by applicable law, we may provide web pages or other mechanisms allowing you to delete, correct, or update some of your information that we have collected and retained, and potentially certain other information about you (e.g., profile and account information). Further, except to the extent prohibited by applicable law, we reserve the right to retain data: (a) as required by applicable law; and (b) for so long as reasonably necessary to fulfill the purposes for which the data was collected.

8. How We Safeguard Your Information

The security of your Personal information is important to us. We employ reasonable technical and organizational measures to protect against the loss of, or unauthorized access to, the information under our control. Although we take reasonable and appropriate measures to protect your information, we cannot guarantee that your information will always remain secure.

9. Choices: Tracking and Communications Options

a. Tracking Technologies Generally

Regular cookies may generally be disabled or removed by tools available as part of most commercial browsers, and in some instances blocked in the future by selecting certain settings. Browsers offer different functionalities and options, so you may need to set them separately. Also, tools from browsers may not be effective with regard to certain Tracking Technologies. Please be aware that if you disable or remove these technologies, some parts of the Services may not work, and when you revisit the Services, your ability to limit browser-based Tracking Technologies is subject to your browser settings and limitations.

Your browser settings may allow you to automatically transmit a “Do Not Track” signal to online websites you visit. Like many online websites, we currently do not alter our practices when we receive a “Do Not Track” signal from a visitor’s browser.

b. Analytics and Advertising Tracking Technologies

You may choose whether to receive some Interest-based Advertising by submitting opt-outs. Some of the advertisers and Service Providers that perform advertising-related services for us and third parties may participate in the Digital Advertising Alliance’s (“DAA”) Self-Regulatory Program for Online Behavioral Advertising. To learn more about how you can exercise certain choices regarding Interest-based Advertising, including use of Cross-device Data for serving ads, visit http://www.aboutads.info/choices/, and http://www.aboutads.info/appchoices for information on the DAA’s opt-out program specifically for mobile apps (including use of precise location for third party ads). Some of these companies may also be members of the Network Advertising Initiative (“NAI”). To learn more about the NAI and your opt-out options for their members, see http://www.networkadvertising.org/choices/. Please be aware that, even if you are able to opt out of certain kinds of Interest-based Advertising, you may continue to receive other types of ads. Opting out only means that those selected members should no longer deliver certain Interest-based Advertising to you but does not mean you will no longer receive any targeted content and/or ads (e.g., from other ad networks). Also, if your browsers are configured to reject cookies when you visit these opt-out webpages, or you subsequently erase your cookies, use a different device or web browser, or use a non-browser-based method of access (e.g., mobile app), your NAI / DAA browser-based opt-out may not, or may no longer, be effective. We support the ad industry’s Self-regulatory Principles for Online Behavioral Advertising and expect that ad networks we directly engage to serve you Interest-based Advertising will do so as well, though we cannot guarantee their compliance.

You may exercise choices regarding the use of cookies from Google Analytics by going to https://tools.google.com/dlpage/gaoptout or downloading the Google Analytics Opt-out Browser Add-on.

We are not responsible for effectiveness of, or compliance with, any third-parties’ opt-out options or programs or the accuracy of their statements regarding their programs.

c. Communications

You can opt out of receiving certain promotional communications from us at any time by: (i) for promotional e-mails, following the instructions provided in emails to click on the unsubscribe link, or if available by changing your communication preferences by logging onto your account; and (ii) for text messages, following the instructions provided in text messages from us to text the word, “STOP”. Please note that your opt-out is limited to the e-mail address or phone number used and will not affect subsequent subscriptions. If you opt-out of only certain communications, other subscription communications may continue. Even if you opt out of receiving promotional communications, we may, subject to applicable law, continue to send you non-promotional communications, such as those about your account, transactions, servicing, or our ongoing business relations.

10. U.S. State Privacy Notice

This U.S. State Privacy Notice (“Notice”) applies to “Consumers” as defined under the California Consumer Privacy Act, including as amended by the California Privacy Rights Act (together, the “CCPA”), Chapter 603A of the Nevada Revised Statutes, and all laws implementing, supplementing, or amending the foregoing, including regulations promulgated thereunder (collectively, “U.S. Privacy Laws”).

This Notice is designed to meet our obligations under U.S. Privacy Laws and supplements the general privacy policy and the HIPAA Privacy Notice of Evolve Growth Initiatives LLC.

Applicability:

For California residents the term “Consumer” is not limited to data subjects acting as individuals regarding household goods and services and includes data subjects in a business-to-business context.

a. Notice of Data Practices

The description of our data practices in this Notice covers the twelve (12) months prior to the Effective Date and will be updated at least annually. Our data practices may differ between updates, however, if materially different from this Notice, we will provide supplemental pre-collection notice of the current practices, which may include references to other privacy policies, notices, or statements. Otherwise, this Notice serves as our notice at collection.

We may Collect your PI directly from you (e.g., when you request information regarding our services); your devices; our affiliates; service providers; public sources of data; or other businesses or individuals.

Generally, we Process your PI to provide you services and as otherwise related to the operation of our business, including for one or more of the following Business Purposes: Performing Services; Managing Interactions and Transactions; Security; Debugging; Advertising & Marketing; Quality Assurance; Processing Interactions and Transactions; and Research and Development. We may also use PI for other Business Purposes in a context that is not a Sale or Sharing under U.S. Privacy Laws, such as disclosing it to our Service Providers, Contractors, or Processors that perform services for us (“Vendors”), to the Consumer or to other parties at the Consumer’s direction or through the Consumer’s action; for the additional purposes explained at the time of collection (such as in the applicable privacy policy or notice); as required or permitted by applicable law; to the government or private parties to comply with law or legal process or protect or enforce legal rights or obligations or prevent harm; and to assignees as part of an acquisition, merger, asset sale, or other transaction where another party assumes control over all or part of our business (“Corporate Transaction”) (“Additional Business Purposes”). Subject to restrictions and obligations under U.S. Privacy Laws, our Vendors may also use your PI for Business Purposes and Additional Business Purposes, and may engage their own vendors to enable them to perform services for us.

We may also use and disclose your PI under this Notice for Commercial Purposes, which may be considered a “Sale” or “Share” under applicable U.S. Privacy Laws, such as when Third-Party Digital Businesses (defined below) Collect your PI via third-party cookies, and when we Process PI for certain advertising purposes. In addition, we may make your PI available to Third-Parties for their own use.

We provide more detail on our data practices in the chart that follows.

b. PI Collection, Disclosure, and Retention – By Category of PI

We collect, disclose, and retain PI (excluding PHI, which is addressed in our HIPAA Privacy Notice at Section1(a)) as follows:

Category of PIExamples of PI Collected and RetainedCategories of Recipients
1.       IdentifiersReal name, alias, postal address, unique personal identifiers, online identifiers, Internet Protocol address, e-mail address, and account name.Disclosures for Business Purposes:·         Vendors, such as general IT, cloud computing, software, and other business vendors, data analytics providers, data processors, payment processors, marketing services providers, and medical providers, diagnostic or laboratory companies;·         Other members of our corporate group; and/or·         Other parties (e.g., litigants and government entities) within the limits of Additional Business Purposes.Sale/Share: Third-Party Digital Businesses
2.       Personal RecordsName, signature, description, address, telephone number, and financial information (e.g., payment card or financial account information). Some PI included in this category may overlap with other categories.Disclosures for Business Purposes:·         Vendors, such as general IT, cloud computing, software, and other business vendors, data analytics providers, data processors, payment processors, marketing services providers, and medical providers, diagnostic or laboratory companies;·         Other members of our corporate group; and/or·         Other parties (e.g., litigants and government entities) within the limits of Additional Business Purposes.Sale/Share: Third-Party Digital Businesses
3.       Personal Characteristics or TraitsIn some circumstances, we may Collect PI that is considered protected under U.S. law, such as age, gender, nationality, race, or information related to medical conditions, but only when that information is relevant for our Business Purposes. We abide by the legal requirements imposed under applicable law in regard to such information.Disclosures for Business Purposes:·         Vendors, such as general IT, cloud computing, software, and other business vendors, data processors, and medical providers, diagnostic or laboratory companies;·         Other members of our corporate group; and/or·         Other parties (e.g., litigants and government entities) within the limits of Additional Business Purposes.Sale/Share: None
4.       Customer Account Details/Commercial InformationRecords of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.Disclosures for Business Purposes:·         Vendors, such as general IT, cloud computing, software, and other business vendors, data analytics providers, data processors, payment processors, and marketing services providers;·         Other members of our corporate group; and/or·         Other parties (e.g., litigants and government entities) within the limits of Additional Business Purposes.Sale/Share: Third-Party Digital Businesses
5.       Internet Usage InformationWhen you browse our sites or otherwise interact with us online, we may Collect browsing history, search history, and other information regarding your interaction with our sites, applications, or advertisements.Disclosures for Business Purposes:·         Vendors, such as general IT, cloud computing, software, and other business vendors, data analytics providers, data processors, payment processors, and marketing services providers;·         Other members of our corporate group; and/or·         Other parties (e.g., litigants and government entities) within the limits of Additional Business Purposes.Sale/Share: Third-Party Digital Businesses
6.       Geolocation DataIf you interact with us online we may gain access to the approximate, and sometimes precise, location of the device or equipment you are using.Disclosures for Business Purposes:·         Vendors, such as general IT, cloud computing, software, and other business vendors, data analytics providers, data processors, payment processors, and marketing services providers;·         Other members of our corporate group; and/or·         Other parties (e.g., litigants and government entities) within the limits of Additional Business Purposes.Sale/Share: Third-Party Digital Businesses
7.       Sensory DataWe may Collect audio, electronic, or similar information when you contact us through our customer service line or via CCTV cameras in common areas at our facilities.Disclosures for Business Purposes:·         Vendors, such as general IT, cloud computing, software, other business vendors, and data processors;·         Other members of our corporate group; and/or·         Other parties (e.g., litigants and government entities) within the limits of Additional Business Purposes.Sale/Share: None
8.       Professional or Employment InformationProfessional, educational, or employment-related information.Disclosures for Business Purposes:·         Vendors, such as general IT, cloud computing, software, and other business vendors;·         Other members of our corporate group; and/or·         Other parties (e.g., litigants and government entities) within the limits of Additional Business Purposes.Sale/Share: None
9.       Non-public Education RecordsEducation records directly maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, schedules, identification codes, financial information, or disciplinary records.Disclosures for Business Purposes:·         Vendors, such as general IT, cloud computing, software, and other business vendors;·         Educational consultants;·         Other members of our corporate group; and/or·         Other parties (e.g., litigants and government entities) within the limits of Additional Business Purposes.Sale/Share: None
10.   Inferences from PI CollectedInferences drawn from PI to create a profile about a Consumer reflecting preferences, characteristics, psychological trends, preferences, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.Disclosures for Business Purposes:·         Vendors, such as general IT, cloud computing, software, and other business vendors, data analytics providers, data processors, marketing services providers, and medical providers, diagnostic or laboratory companies;·         Other members of our corporate group; and/or·         Other parties (e.g., litigants and government entities) within the limits of Additional Business Purposes.Sale/Share: Third-Party Digital Businesses
11.   Sensitive PIGovernment Issued Identification Numbers (e.g., social security, driver’s license, state identification card, or passport number)   Disclosures for Business Purposes:·         Vendors, such as general IT, cloud computing, software, and other business vendors, data analytics providers, data processors, and payment processors;·         Other members of our corporate group; and/or·         Other parties (e.g., litigants and government entities) within the limits of Additional Business Purposes.Sale/Share: None
Account Log-In (e.g., username and password to online account with Company)Disclosures for Business Purposes:·         Vendors, such as general IT, cloud computing, software, and other business vendors, data analytics providers, data processors, and marketing services providers;·         Other members of our corporate group; and/or·         Other parties (e.g., litigants and government entities) within the limits of Additional Business Purposes.Sale/Share: None
Precise Geolocation (any data that is derived from a device and that is used or intended to be used to locate a consumer w/in a geographic area that is equal to or less than the area of a circle with a radius of 1,850 feet)Disclosures for Business Purposes:·         Vendors, such as general IT, cloud computing, software, and other business vendors, data analytics providers, data processors, payment processors, and marketing services providers;·         Other members of our corporate group; and/or·         Other parties (e.g., litigants and government entities) within the limits of Additional Business Purposes.Sale/Share: Third-Party Digital Businesses
Sensitive Personal Characteristics (e.g., racial or ethnic origin, religious or philosophical beliefs, citizenship or immigration status, or union membership)Disclosures for Business Purposes:·         Vendors, such as general IT, cloud computing, software, and other business vendors, and data processors;·         Other members of our corporate group; and/or·         Other parties (e.g., litigants and government entities) within the limits of Additional Business Purposes.Sale/Share: None
Communication Content (e.g., the contents of a consumer’s mail, email, and text messages, other than where Business is the intended recipient of the communication)Disclosures for Business Purposes:·         Vendors, such as general IT, cloud computing, software, and other business vendors, data analytics providers, data processors, payment processors, and marketing services providers;·         Other members of our corporate group; and/or·         Other parties (e.g., litigants and government entities) within the limits of Additional Business Purposes.Sale/Share: None
Health Information (PI collected and analyzed concerning a consumer’s health, medical history, mental or physical health, diagnosis/condition, and medical treatment)Disclosures for Business Purposes:·         Vendors, such as general IT, cloud computing, software, and other business vendors, data processors, and medical providers, diagnostic or laboratory companies;·         Other members of our corporate group; and/or·         Other parties (e.g., litigants and government entities) within the limits of Additional Business Purposes.Sale/Share: None
Sex Life / Sexual Orientation (PI collected and analyzed concerning a consumer’s sex life or sexual orientation)Disclosures for Business Purposes:·         Vendors, such as general IT, cloud computing, software, and other business vendors, data processors, and medical providers, diagnostic or laboratory companies;·         Other members of our corporate group; and/or·         Other parties (e.g., litigants and government entities) within the limits of Additional Business Purposes.Sale/Share: None
Children’s Data (PI collected from a known child)Disclosures for Business Purposes:·         Vendors, such as general IT, cloud computing, software, and other business vendors, data processors, and medical providers, diagnostic or laboratory companies;·         Other members of our corporate group; and/or·         Other parties (e.g., litigants and government entities) within the limits of Additional Business Purposes.Sale/Share: None

There may be additional information we Collect that meets the definition of PI under applicable U.S. Privacy Laws but is not reflected by a category above, in which case we will treat it as PI as required, but will not include it when we describe our practices by PI category. Because there are numerous types of PI in each category, and various uses for each PI type, actual retention periods vary. We retain specific PI pieces based on how long we have a legitimate purpose for the retention.

c. Your State Privacy Rights

As described more below, subject to meeting the requirements for a Verifiable Consumer Request (defined below), Company provides Consumers the privacy rights described in this section. For residents of states without Consumer privacy rights, we will consider requests but will apply our discretion with respect to and if and how we process such requests. We will also consider applying state law rights prior to the effective date of such laws, but will do so in our discretion.

To submit a request to exercise your Consumer privacy rights, or to submit a request as an authorized agent, complete our Consumer Rights Request Form and submit via email to privacy@evolvetreatment.com, or call us at 1-844-384-6773, and respond to any follow-up inquiries we make. Please be aware that we do not accept or process requests through other means (e.g., via fax, chats, social media etc.). More details on the request and verification process is in Section viii(A) below. The Consumer rights we accommodate are as follows:

i. Right to Limit Sensitive PI Processing

With regard to PI that qualifies as Sensitive PI under U.S. Privacy Laws, as of January 1, 2023, if you elect to provide us with that Sensitive PI you will have consented to such Processing. However, you can limit certain Sensitive PI Processing and if you do so we will explain in a response what Processing purposes U.S. Privacy Laws do not allow you to limit.

ii. Right to Know (Categories) (available for California Residents Only)

California residents have a right to submit a request for any of the following for the period that is 12-months prior to the request date:

iii. Right to Know (Specific Pieces) (California)

Residents of California are entitled to access PI up to twice in a 12-month period. You may request to confirm if we are Processing your PI and, if we are, to obtain a transportable copy, subject to applicable request limits, of your PI that we have collected and are maintaining. For your specific pieces of PI, as required by applicable U.S. Privacy Laws, we will apply the heightened verification standards as described below. We have no obligation to re-identify information or to keep PI longer than we need it or are required to by applicable law to comply with access requests.

iv. Do Not Sell / Share (California and Nevada)

California has an opt-out from “Selling” PI or “Sharing” its for Cross-Context Behavioral Advertising (use of PI from different businesses or services to target advertisements). We may Sell or Share your PI and/or use your PI for targeted advertising. Nevada residents have a narrower right to opt-out of certain PI collected via an online service. We provide California and Nevada residents an opt out of Sale/Sharing. Due to technical limitations and the different nature of the data and data processing you will have to opt-out separately with respect to non-cookie PI and cookie PI as explained below.

Third-Party digital businesses (“Third-Party Digital Businesses”) may associate cookies and other tracking technologies that Collect PI about you on our services, or otherwise Collect and Process PI that we make available about you, including digital activity information. We understand that giving access to PI on our services, or otherwise, to Third-Party Digital Businesses could be deemed a Sale and/or Share under some state laws and thus we will treat such PI (e.g., cookie ID, IP address, and other online IDs and internet or other electronic activity information) collected by Third-Party Digital Businesses, where not limited to acting as our Service Provider (or Contractor or Processor), as a Sale and/or Share and subject to a Do Not Sell/Share opt-out request.

Opt-out for non-cookie PI: If you want to limit our Processing of your non-cookie PI (e.g., your email address) for targeted advertising, or opt-out of the Sale/Sharing of such data, make an opt-out request by clicking this button: Cookies Settings.

Opt-out for cookie PI: If you want to limit our Processing of your cookie-related PI for targeted advertising, or opt-out of the Sale/Sharing of such PI, you need to exercise a separate opt-out request on our cookie management tool here: Cookies Settings. This is because we have to use different technologies to apply your opt-out of cookie PI and to non-cookie PI. Our cookie management tool enables you to exercise such an opt-out request and enable certain cookie preferences on your device. You must exercise your preferences on each of our websites you visit, from each browser you use, and on each device that you use. Since your browser opt-out is designated by a cookie, if you clear or block cookies, your preferences will no longer be effective, and you will need to enable them again via our cookie management tool.  Note that if you use ad blocking software, our cookie banner may not appear when you visit our Services, and you may have to use the link above to access the tool.

Opt-out preference signals (also known as global privacy control or GPC): California requires businesses to process GPC signals, also know as opt-out preference signals (“OOPS”), which are signals sent by a platform, technology, or mechanism, enabled by individuals on their devices or browsers, that communicate the individual’s choice to opt-out of the Sale or Sharing of personal information. To use an OOPS/GPC, you can download an internet browser or a plugin to use on your current internet browser and follow the settings to enable the OOPS/GPC. We have configured the settings of our consent management platform to receive and process GPC signals on our website. We process OOPS/GPC with respect to Sales and Sharing that may occur in the context of Collection of cookie PI by tracking technologies online by Third-Party Digital Businesses, discussed above, and apply it to the specific browser on which you enable OOPS/GPC. We currently do not, due to technical limitations, process OOPS/GPC for opt-outs of Sales and Sharing in other contexts (e.g., non-cookie PI). We do not: (1) charge a fee for use of our service whether or not you have enabled OOPS/GPC; (2) change your experience with any product or service if you use OOPS/GPC; or (3) display a notification, pop-up, text, graphic, animation, sound, video, or any interstitial in response to the OOPS/GPC.

We do not knowingly Sell or Share the PI of Consumers under 16, unless we receive affirmative authorization (“opt-in”) from either the Consumer who is between 13 and 16 years old, or the parent or guardian of a Consumer who is less than 13 years old. If you think we may have unknowingly collected PI of a Consumer under 16 years old, please Contact Us.

We may disclose your PI for the following purposes, which are not a Sale or Share:  (i) if you direct us to disclose PI; (ii) to comply with a Consumer rights request you submit to us; (iii) disclosures amongst the entities that constitute Company as defined above, or as part of a Corporate Transaction; and (iv) as otherwise required or permitted by applicable law.

v. Right to Delete

Except to the extent we have a basis for retention under applicable law, you may request that we delete your PI.

Please also be aware that making a deletion request does not ensure complete or comprehensive removal or deletion of PI or content you may have posted.

Note also that, depending on where you reside (e.g., California), we may not be required to delete your PI that we did not Collect directly from you.

Your PI

Consumers may bring inaccuracies they find in their PI that we maintain to our attention, and we will act upon such a complaint as required by applicable law. You can also make changes to your online account in the account settings section of the account. That will not, however, change your information that exists in other places.

vii. Automated Decision Making/Profiling

We do not engage in Automated Decision Making or Profiling.

viii. How to Exercise Your Consumer Privacy Rights

To submit a request to exercise your Consumer privacy rights, or to submit a request as an authorized agent, complete our Consumer Rights Request Form and submit via email to privacy@evolvetreatment.com, or call us at 1-844-384-6773, and respond to any follow-up inquiries we make. Please be aware that we do not accept or process requests through other means (e.g., via fax, chats, social media etc.).

As permitted or required by applicable U.S. Privacy Laws, any request you submit to us must be a Verifiable Consumer Request, meaning when you make a request, we may ask you to provide verifying information, such as your name, e-mail, phone number and/or account information. We will review the information provided and may request additional information (e.g., transaction history) via e-mail or other means to ensure we are interacting with the correct individual. We will not fulfill your Right to Know (Categories), Right to Know (Specific Pieces), Right to Delete, or Right to Correction request unless you have provided sufficient information for us to reasonably verify you are the Consumer about whom we collected PI. We do not verify opt-outs of Sale/Share/Target or Limitation of Sensitive PI requests unless we suspect fraud.

You are not required to create a password-protected account with us to make a Verifiable Consumer Request, but you may use your password-protected account to do so. If we suspect fraudulent or malicious activity on or from the password-protected account, we may decline a request or request that you provide further verifying information.

We verify each request as follows:

To protect Consumers, if we are unable to verify you sufficiently, we will be unable to honor your request. We will use PI provided in a Verifiable Consumer Request only to verify your identity or authority to make the request and to track and document request responses, unless you also gave it to us for another purpose.

You may use an authorized agent to make a request for you, subject to our verification of the agent, the agent’s authority to submit requests on your behalf, and of you. Authorized agents may submit a request to exercise privacy rights on behalf of a Consumer by completing our Consumer Rights Request Form and submitting it via email to privacy@evolvetreatment.com, or calling us at 1-844-384-6773, and responding to any follow-up inquiries we make. Once your agent’s authority is confirmed, they may exercise rights on your behalf subject to the agency requirements of applicable U.S. Privacy Laws.

Some PI that we maintain is insufficiently specific for us to be able to associate it with a verified Consumer (e.g., clickstream data tied only to a pseudonymous browser ID). We do not include that PI in response to those requests. If we deny a request, in whole or in part, we will explain the reasons in our response.

We will make commercially reasonable efforts to identify Consumer PI that we Process to respond to your Consumer request(s). In some cases, particularly with voluminous and/or typically irrelevant data, we may suggest you receive the most recent or a summary of your PI and give you the opportunity to elect whether you want the rest. We reserve the right to direct you to where you may access and copy responsive PI yourself. We will typically not charge a fee to fully respond to your requests; provided, however, that we may charge a reasonable fee, or refuse to act upon a request, if your request is excessive, repetitive, unfounded, or overly burdensome. If we determine that the request warrants a fee, or that we may refuse it, we will give you notice explaining why we made that decision. You will be provided a cost estimate and the opportunity to accept such fees before we will charge you for responding to your request.

Consistent with applicable U.S. Privacy Laws and our interest in the security of your PI, we will not deliver to you your Social Security number, driver’s license number, or other government-issued ID number, financial account number, any health or medical identification number, an account password, or security questions or answers in response to a Consumer privacy rights request; however, you may be able to access some of this information yourself through your account if you have an active account with us.

We will not discriminate or retaliate against you in a manner prohibited by applicable U.S. Privacy Laws for your exercise of your Consumer privacy rights. We may charge a different price or rate, or offer a different level or quality of good or service, to the extent that doing so is reasonably related to the value of the applicable PI.

We may offer discounts or other rewards (“Incentives”) from time-to-time to Consumers that provide us with PI. For example, we may provide you with a gift card in exchange for your responses to a survey. You may opt-in to Incentives by completing the survey or other loyalty and Incentive programs we may offer from time-to-time (“Program(s)”). Each Program may have additional terms, available on the Program page or at Program sign-up. The Incentives will be described in the Program page, or at Program sign-up. If you subsequently wish to withdraw from the Programs, the method for doing so will be explained in the Program terms. We do not limit Program participation to consumers that do not exercise their CCPA rights. However, a deletion request may not delete Program PI because it is necessary to maintain your participation in the Program. If you desire to delete Program PI, terminate your participation in the Program before making a CCPA deletion request.

Notwithstanding anything to the contrary, we may collect, use, and disclose your PI as required or permitted by applicable law and this may override your rights under U.S. Privacy Laws. In addition, we are not required to honor your requests to the extent that doing so would infringe upon our or another person’s or party’s rights or conflict with applicable law.

d. Additional Notices for California Residents

In addition to the CCPA, certain Californians are entitled to certain other notices, as follows:

This Notice provides information on our online practices and your California rights specific to our online Services. Without limitation, Californians that visit our online Services and seek to acquire goods, services, money, or credit for personal, family or household purposes are entitled to the following notices of their rights:

i. California Minors

Although our services are intended for an audience over the age of majority, any California residents under the age of eighteen (18) who have registered to use our Services, and posted content on the Service, can request removal by contacting us, detailing where the content is posted and attesting you posted it. We will then make reasonable, good faith efforts to remove the post from prospective public view or anonymize it, so the minor cannot be individually identified to the extent required by applicable law. This removal process cannot ensure complete or comprehensive removal. For instance, third parties may have republished or archived content by search engines we do not control.

ii. Shine the Light

We may share “personal information,” as defined by California’s “Shine the Light” law, with third parties for such third parties own direct marketing purposes. California residents may opt-out of this sharing by contacting us at privacy@evolvetreatment.com or 300 N. Pacific Coast Hwy, Suite 2060, El Segundo, CA 90245 (Attn: Privacy). You must put the statement “Shine the Light Request” in the body of your correspondence. In your request, please attest to the fact that you are a California resident and provide a current California address for your response. This right is different than, and in addition to, CCPA rights, and must be requested separately. However, a Do Not Sell/Share/Target opt-out is broader and will limit our sharing with third parties for their own direct marketing purposes without the need for making a separate Shine the Light request. We will not accept Shine the Light requests by telephone or by fax, and are not responsible for requests not labeled or sent properly, or that are incomplete.

11. Contact Us

If you have any questions, comments, or concerns about our privacy practices, please contact us by e-mail at privacy@evolvetreatment.com, or call us at 1-844-384-6773. Please note that e-mail communications will not necessarily be secure; accordingly, you should not include sensitive information in your e-mail correspondence with us.