1.1 Purpose
This Privacy Policy ("Policy") governs the collection, use, and disclosure of personal data by MBM Therapies ("We," "Us," or "Our"). This Policy is designed to inform you ("User," "You," or "Your") about how we handle your personal data and to ensure compliance with applicable laws and regulations, including but not limited to Indian privacy laws such as the Information Technology Act, SPDI Rules, and the Digital Personal Data Protection Act, 2023, the General Data Protection Regulation ("GDPR") and United States privacy laws.
1.2 Applicability
This Policy applies to all users who access or use our website, mobile applications, and other online services (collectively, the "Services"). By using our Services, you consent to the practices described in this Policy.
2.1 Identification
The data controller responsible for the collection and processing of your personal data in connection with the Services is MBM Therapies, a mental health service provider.
2.2 Contact Information
For any questions or concerns regarding this Policy or our data practices, you may contact us at mbmtherapies@gmail.com
3. Personal Data Collected
We collect various types of personal data, including but not limited to:
3.2 Methods of Collection
Data may be collected directly from you, through the use of our Services, or from third-party sources, such as healthcare providers.
4.1 Service Provision
The primary purpose of collecting your personal data is to provide you with mental health services, including matching you with appropriate therapists and managing your therapy sessions.
4.2 Legal Obligations
We may also collect data to comply with legal obligations, including reporting and record-keeping requirements.
5.1 Consent
By using our Services, you consent to the collection, use, and disclosure of your personal data as described in this Policy.
5.2 Compliance with Laws
We process your data in compliance with applicable laws and regulations, including GDPR, U.S. privacy laws, and Indian privacy laws such as the Information Technology Act and the Digital Personal Data Protection Act, 2023.
6.1 Retention Period
We will retain your personal data for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable laws, including Indian privacy laws and regulations.
6.2 Data Deletion
Upon the expiration of the retention period or upon your request, your data will be deleted in accordance with legal requirements and our data deletion procedures.
7.1 Conditions for Sharing
We may share your personal data with third parties only under the following conditions:
7.2 Third-Party Vendors
We may engage third-party vendors to perform services on our behalf, such as payment processing and data analytics. These vendors are contractually obligated to maintain the confidentiality and security of your data.
8.1 Right to Access
You have the right to request access to the personal data we hold about you, including the purposes for which it is being processed and the categories of data being processed.
8.2 Right to Rectification
You have the right to request the correction of inaccurate or incomplete personal data.
8.3 Right to Erasure
You have the right to request the deletion of your personal data, subject to certain legal exceptions.
9.1 Obtaining Consent
We obtain your explicit consent for the collection, processing, and sharing of your personal data through clear and accessible mechanisms, such as opt-in checkboxes.
9.2 Revocation of Consent
You have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
10.1 Use of Cookies
We use cookies and similar tracking technologies to enhance user experience and for analytics.
10.2 Cookie Policy
For more information on how cookies are used and how you can manage them, please refer to our Cookie Policy.
11.1 Data Security
We employ robust security measures, including encryption and secure servers, to protect your personal data from unauthorized access, alteration, disclosure, or destruction.
11.2 Security Audits
We regularly conduct security audits to ensure the effectiveness of our data protection measures.
12.1 Notification Procedures
In the event of a data breach that compromises your personal data, we will notify you and relevant authorities as required by law, within 72 hours of becoming aware of the breach.
12.2 Remedial Actions
We will take all necessary remedial actions to mitigate the impact of the data breach and prevent future occurrences.
13.1 Parental Consent
If we become aware that personal data from minors has been collected without verifiable parental consent, we will take steps to delete such information.
14.1 Cross-Border Transfers
Your personal data may be transferred to and processed in countries other than the country in which you are resident, including the United States, under compliance with applicable laws.
14.2 Safeguards
We employ appropriate safeguards, such as standard contractual clauses, to ensure the lawful transfer of your personal data across borders.
15.1 Data Protection Rights
Under the General Data Protection Regulation (GDPR), European Union citizens have additional data protection rights, including data portability and the right to object to processing.
15.2 Data Protection Officer
We have appointed a Data Protection Officer to oversee compliance with GDPR requirements. For inquiries, contact mbmtherapies@gmail.com.
15.3 DPDP Act Compliance
Under the Digital Personal Data Protection Act, 2023, Indian citizens have specific rights regarding their personal information, including the right to data portability and the right to object to processing. For inquiries related to DPDP Act compliance, contact us at mbmtherapies@gmail.com.
16.1 California Residents
Under the California Consumer Privacy Act (CCPA), California residents have specific rights regarding their personal information, including the right to opt-out of the sale of personal information.
16.2 CCPA Requests
Requests under the CCPA may be made by contacting us at mbmtherapies@gmail.com.
17.1 Health Data
If applicable, we comply with the Health Insurance Portability and Accountability Act (HIPAA) in the handling of health-related information.
17.2 Safeguards
We employ administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of health information.
18.1 External Links
Our Services may contain links to third-party websites not operated by us.
18.2 Disclaimer
We are not responsible for the content, privacy policies, or practices of third-party websites. Users are encouraged to read the privacy policies of any third-party websites visited.
We reserve the right to update or amend this Privacy Policy at any time.
19.2 Notification
Changes will be communicated via email or through notifications on our Services, and will be in compliance with Indian privacy laws and regulations.
20.1 Queries and Complaints
For any queries, complaints, or requests related to this Privacy Policy, please contact us at mbmtherapies@gmail.com.
20.2 Data Protection Officer
Our Data Protection Officer can also be reached at the above email address for specific inquiries related to data protection.
