Stirling Behavioral Health Institute Privacy Notice


THIS NOTICE DESCRIBES HOW INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.  Revision Date: April 22, 2024


WHO WE ARE

Our website address is: http://www.stirlingbhi.org.

COOKIES

We do not use cookies.

EMBEDDED CONTENT FROM OTHER WEBSITES

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.


COLLECTION OF PERSONAL INFORMATION

We may collect personal information directly from you, for example during an in-person registration or when you contact us for services. Personal information we collect directly from you may include first and last name, address, email address, and phone number. We do not collect information from you via our website.


HOW WE USE YOUR PERSONAL INFORMATION

We use information collected from you to provide you with appointment reminders and to provide client services. Appointment reminders may be sent via text or voice message with your permission.


HOW WE USE EMAIL AND TEXT MESSAGING TO COMMUNICATE

We do not engage in email or text message marketing. We will only email or text you with your permission regarding matters related to your care. For information about how our privacy policy relates to protected health information, see below. If you wish to stop receiving email or text messages from us, please information your clinician or reply STOP, QUIT, or CANCEL to any text or email message sent from us.


WHO WE SHARE YOUR DATA WITH

We may use third-party service providers to assist us with providing our services to you and we may share your information with such third parties for these limited purposes.


We may also share your personal information if necessary to comply with applicable laws and regulations, to respond to a subpeona, search warrant, or other lawful request for information we receive, or to otherwise protect our rights.


HOW LONG WE RETAIN YOUR DATA

In general, we store your data for as long as we do business with you or for as long as we are obligated to by law.


PRIVACY RELATED TO YOUR HEALTH RECORD

UNDERSTANDING YOUR HEALTH RECORD SBHI uses an electronic health record and paper chart that contain your name and other personal information such as information about your insurance eligibility to receive services, your symptoms/problems, diagnoses, treatment (different types of services provided/consultations within the agency and with others outside of the agency), and plans for future care. This information is a way to verify that services billed were actually provided, to assess quality of care, for treatment planning, and as a way to communicate among different treatment providers who are on your treatment team.

 
OUR DUTIES The law requires Stirling Behavioral Health Institute (SBHI) to keep your medical records and health information, also known as Protected Health Information (PHI), safe and private. We must give you this Notice about our privacy practices. It explains when, why, and how SBHI may use and/or share your health information, what rights you have, and what SBHI legally must do to keep your information safe. We are required to follow the privacy practices described in this Notice, but we have the right to change our policies and the terms at any time when the law or our practices change. You will not automatically receive a new Notice. If we do make changes, we will post the revised Notice in our office and on our website. You may also ask for a copy of this Notice from our staff, and you can view it on the company website at www.stirlingbhi.org.
 
HOW SBHI WILL USE AND DISCLOSE YOUR PROTECTED HEALTH INFORMATION SBHI has a right to use and disclose your PHI for: Treatment, Payment, or Health Care Operations. For uses beyond that, we must get your consent (permission) unless the law permits or requires us to do so.
 
For Treatment: We may use and share your PHI within our office, to members of your mental health treatment team. The team may include: Psychiatrists, Psychologists, Licensed Marriage and Family Therapists, Associate Marriage and Family Therapists, Licensed Clinical Social Workers, Associate Clinical Social Workers, Case Managers, Mental Health Rehabilitation Specialists. We may also use/disclose your health information to support staff who are involved in your care. Your PHI may also be shared with other community mental health agencies (Los Angeles County Directly-Operated/DMH Contracted) involved in providing or coordinating your care. We may also share information with community treatment providers or subsequent treaters for your future care, once you are no longer a client of SBHI.
 
To Obtain Payment for Treatment: We may use and disclose your health information to bill and collect payment for the treatment and services provided to you. For example, SBHI will send your PHI with the Medicaid program and Los Angeles County Department of Mental Health (“LACDMH”), to determine insurance eligibility, payment from other entities including LACDMH, the State of California or to get paid for services that we deliver to you.
 
For Health Care Operations: SBHI might use and share your health information to ensure everything runs smoothly and correctly at the office. Here are some examples: We might use your health information to check if the services you received were properly provided or to see how well the health care professionals performed their job when they helped you. SBHI might also share your health information with our lawyers, LACDMH staff, accountants, advisors, and others to make sure SBHI follows the law correctly and/or is meeting the obligations of service. The law might require us to share your health information with people from federal and state agencies who perform audits on the business or otherwise oversee payment to SBHI.
 

Additional sharing of your PHI may include the following:

  • Appointment Reminder: We might use and share your health information to remind you about appointments. We could call, email, or send a text message to remind you.
  • Discuss treatment, alternatives, and other health-related services: We might use and share your health information to tell you about your health, options for other potential treatments or other health services SBHI offers.
  • Communication with Family Involved in Your Care or Payment of Your Care: Unless you object (say no), we may use or share your health information with a family member, relative, close friend or any other person identified by you to be involved in your care. This is so they can help with your treatment or pay for your treatment. We might also tell your family where you are or how you are doing, to help you in an emergency.
  • To Prevent a Serious Threat to Health or Safety: If there is a serious health or safety risk to you or others, like if you say you might hurt yourself or someone else, we might have to tell the police or others able to prevent or lessen the threat or harm. We will only share information that is needed and what the law allows.
  • Business Associates: We may share your health information with companies that help us do our job and they can do the job we have asked them to do. Some of the services provided by our business associates include record storage, electronic health record system to document services; software maintenance, legal services, or accounting. These companies are required by law to keep your information private and can only use it for what we agreed to in our contract. They must follow the same privacy rules as our agency under HIPAA.
  • Information About Descendants: If you pass away, we may share health information with your family or others who helped with your care or paid for it. We will do this unless it goes against what you wanted when you were alive.
  • Coroners, Medical Examiners, Funeral Directors: If the law says so, if you pass away, your health information may be given to a coroner or medical examiner. This helps to figure out who passed away and why. We may also share some health information to a funeral home.
  • Organ and Tissue Donation: If you are an organ donor, we may release your health information to organ donation groups, so they can do their work.
  • Disaster Relief: We might share your health information to groups helping in a disaster so they can tell your family how you are doing and where you are. We will ask if it is okay with you first, unless there is an emergency and we need to tell them right away.
  • Public Health: We might have to share your health information with public health workers, legal authorities, and other people who are responsible for preventing or controlling disease, injury, or disability. Examples include when mental health staff believe you are being hurt or mistreated like if you are a victim of abuse, neglect, or domestic violence. Also, we must report Elder Abuse if we think an older person or someone who needs help is being abused. Other examples include if there are bad reactions to medicines that are prescribed to you; problems with products; or a disease that you have contracted or may spread.
  • Health Oversight Activities: SBHI may be required to help the government during an investigation or inspection of a health care organization or provider. Examples include investigations for fraud and abuse, for audits, inspections, licensure, disciplinary actions, or for national security.
  • Research Purposes: We may share your health information to do research, after we get your authorization (approval). Sometimes, your health information can be shared without your approval if the research is approved by an Institutional Review Board or Privacy Board that says the research would not risk your privacy much. This could happen if the information does not identify you much or if it is only used to plan the research.
  • Lawsuits and Disputes: If you are in a lawsuit or a dispute (argument), we may share your health information if a court asks for it (court order or administrative order). We may also share your PHI in response to a subpoena, a discovery request, or if someone else in the dispute asks for it. If a request only, we will tell you about the request, get permission from you to share it, or attempt to get an order to protect the health information from being shared. If a lawsuit is filed because of something we did, we might share your information with our lawyers to defend ourselves. Your information might also be shared in court or in public documents.
  • Law Enforcement: We may share your personal health information with the police in these cases: a) if they have a search warrant; b) if they have a court order; c) to report abuse, neglect, or assault as required by law; d) to report threats to third parties or crimes done at the office; e) to find someone they are looking for (suspect, fugitive, witness or missing person); f) if the police bring you to the hospital and there is a good reason to test your blood for alcohol or drugs; g) to tell the police if you’re leaving the hospital after being held for a psychiatric evaluation.
  • Specific Government Functions and National Security: If you are in the military or a veteran, we might share your health information if the military or Veterans Affairs says we must. Also, we may share PHI with federal officials to keep the country safe, like protecting the President, foreign heads of status, certain other persons, or helping with intelligence and counterintelligence operations.
  • Woker’s Compensation: Your health information could be used or shared according to laws about workers’ compensation. For instance, if you get hurt at work, we might share your health information with people handling your claim for Workers’ Compensation benefits, like insurance companies or claims administrators.
  • As Required by Law: Your personal health information may be used or shared as required by federal, State, local or international law. For instance, the law requires us to report certain types of injuries.
  • Whistleblower: According to federal law, your health information can be given to a government agency or lawyer if someone believes we broke the law or did not follow professional standards, and it could put clients, workers, or the public in danger.
  • Breach Notification: We may use or share your health information to tell you if someone gets access to your health information without permission, or if the PHI is accidently lost or stolen. We will also inform State and federal authorities about it. If this happens, we will let you know by sending you a letter via first-class mail to your last known address.
  • Special Rules for Disclosure of Psychiatric, Substance Abuse, Genetic, and HIV-Related Information: When it comes to sharing health information about mental health conditions, substance abuse, HIV testing/treatment, and genetic information, there are special rules/restrictions. Usually, we need your permission or a court order to share this kind of information. But there are some cases where we might share your HIV test results with your healthcare provider without asking you first.


Other Uses and Disclosures: Unless we have your written authorization (permission), SBHI will not use or share your health information, except as explained in this Notice, or as allowed by State or federal law. For instance, we cannot use or share your health information for marketing purposes (to sell things to you), or sell your health information to others, unless you give us written permission to do so. If you agree and then change your mind, you can let us know in writing and revoke (take back) the permission. That way, we will stop using or sharing your information in the future. But we cannot undo anything we already did before you told us to stop.

 
WHAT RIGHTS YOU HAVE REGARDING YOUR PHI These are your rights with respect to your PHI:
 
The Right to Access, Inspect, See and Get Copies of Your PHI: In most cases, you can look at your medical records and get a copy of them, except for private psychotherapy notes. To do this, you must make your request in writing. We will respond to your request within 30 days. If we deny your access (say no to your request), we will give you a written explanation why and explain to you how you can appeal this decision (for someone else to check if our decision is fair). If you request a copy of your medical record, we may charge a fee for the cost of copying or mailing, no more than $.25 per page.
 
The Right to Amend Your PHI: If you think there is a mistake in your health records or some important information is missing, you may ask us, in writing, to correct or update the information. You must say why you think the information is wrong or incomplete. We will get back to you within 60 days after we get your request. We might deny (turn down your request) for the following reasons: a) if we think the information is already correct and complete; b) if we are not allowed to share it; and/or c) if the document was given to us by someone else. If we do deny your request, we will explain to you why in writing. We will also tell you how you can disagree with our decision, in writing. Even if you do not disagree in writing, you can ask that your original request and our denial be shown with your health records if they are shared in the future. If we agree to your request to amend (change) your PHI, we will update your health records. We will let you know we made the change and will tell anyone else who needs to know about the update to your health record.
 
The Right to Choose Someone to Act for You: If you have chosen someone to make medical decisions for you, like a medical power of attorney or a legal guardian, they can use your rights and make decisions about your health information. We will check to make sure this person is allowed to do this before we do anything.
 
The Right to Find out what Disclosures Have Been Made: You have the right to get a list of times we have shared your health information with others, for what purpose, and what information was shared, for up to six (6) years prior to your request. This list will not include the times we shared information for things like your treatment, payment, health care operations, or when we sent information directly to you or to your family. It also will not include times we had to share it for safety reasons to the government or to the police. The first time you ask for a list of disclosures, which were done within a one (1) year period, we will not charge you. For any additional request(s), there will be a fee and we will tell you what the cost will be so you can decide if you still want the list or not.
 
The Right to Request Restrictions on Uses and Disclosures of Your PHI: You have the right to ask us to use and share your health information in fewer ways. You can also ask us not to share information with someone who is helping with your care or paying for your health care. We will think about your request, but are not required, to agree. If we cannot do what you ask, we will tell you. If we agree to your request, we will write down the limits and follow them, except in emergency situations. One exception exists. There is a special case where you can ask us not to tell your health insurance about the care you get if you pay for the service, out of pocket, in full, at the time the services were provided.
 
The Right to Choose How SBHI Sends Your PHI to You: You have the right to ask us to send your health information to a different place (like your work address instead of your home address) or in a different way (like by telephone, email, or mail). SBHI will agree to your written request if we can do it easily. SBHI will not require you to give us an explanation why you want it sent differently.
 
The Right to Get a Paper Copy of This Notice: You can get a paper version of this Notice whenever you want, even if you have gotten one before or said that it is okay to get this Notice through email or online. Also, you can find an electronic version of this Notice on our website: www.stirlingbhi.org
 
HOW TO FILE A COPLAINT ABOUT SBHI’S PRIVACY PRACTICE You have the right to file a complaint with the agency Privacy Officer (aka: Senior Program Director) about SBHI’s Privacy Practices, without the agency punishing you, for a variety of reasons. Reasons may include: a) If you have questions about this notice; 2) if you have questions regarding your mental health rights; c) if you believe your privacy rights have been violated (meaning SBHI did something wrong); or d) if you disagree with a decision that was made about your health information.  
 
Stirling Behavioral Health Institute
Senior Program Director
6931 Van Nuys Blvd., Suite 102
Van Nuys, CA 91405
(818) 376-0134
Email: clewis@stirlingbhi.org
 
You can also file a written complaint to the U.S. DEPARMENT OF HEALTH AND HUMAN SERVICES or file a complaint at this link: www.hhs.gov/ocr/privacy/hipaa/complaints/ Region IX, Office for Civil Rights
U.S. Department of Health and Human Services
90 7th St. Suite 4-100
San Francisco, Ca. 94103
Voice Phone: (800) 368-1019 TDD: (800) 533-7697 FAX: (415) 437-8329
 
You can also file a complaint to: LAC DMH Patients’ Rights Office: Los Angeles County Department of Mental Health Patients’ Rights Office
510 S. Vermont Ave, 21st Floor
Los Angeles, CA 90020
Phone: (800) 700-9996 Fax: (213) 330-0285 https://lacdmhpcguatii.powerappsportals.us/en-US  
 
EFFECTIVE DATE OF THIS NOTICE: April 10, 2024  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Inferred or derived data:
 
  • Inferred or derived data may include a summary of information included in recorded content processed by conversational intelligence. Users and participants control the content they provide.
 
Your communications with us:
 
  • Surveys, calls (including recordings), emails and messages, etc.
 
Other information:
 
  • Any personal information that a user or guest voluntarily provides about an individual through their use of the Services, including synchronizing contact information, or through integrations with other applications.
 
 
HOW WE USE YOUR PERSONAL INFORMATION
 
We use your personal information for the following purposes: Communicate with you; Verify your identity to prevent fraud in compliance with applicable law; Create your account; Provide you with RingCentral Services including respond to your requests for support; Develop and improve the RingCentral Services; Manage your order and our customer relationship; Market and advertise our Services; Perform surveys; Provide internal training and ensure quality assurance; Improve and optimize your interactions with our teams; Connect you to and optimize your experience using our Website, Apps, and Services; Provide customers dashboards and reports; Conduct fraud and threat analysis and, detect and prevent spam or unlawful or abusive activity or other violations of our Acceptable Use Policy (“AUP”); Monitor performance of our data centers and networks; Conduct analytics to improve RingCentral’s Website, App and Service performance; Personalize your experience with our Websites, Apps and Services; Comply with applicable law including those regulating call detail records; and Perform billing for our Services.
 
We may use artificial intelligence, machine learning, or other similar technology to provide, maintain, support, and improve our Services.
 
Lawful basis for processing personal information (EEA, Switzerland and UK only)
When we collect personal information about you in connection with offering our Website, Apps or Services within the European Economic Area (EEA), Switzerland and the United Kingdom (UK), our lawful basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.
 
We will normally collect personal information from you where we need the personal information to perform a contract with you (e.g., when you order a Service), or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms (e.g., to market and provide our Services). In some cases, we may also have a legal obligation to collect and process the personal information in question (i.e. Service Usage Data) or we may process your personal information where we have your consent to do so. You may withdraw your consent at any time as instructed in the communications or in the Apps or Services, or you contact us as explained below.
 
Limited Use for APIs
RingCentral’s use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
 
 
COOKIES AND SIMILAR TECHNOLOGIES
 
We use cookies and similar tracking technology (collectively, “Cookies”) to collect and use personal information about you. For further information about the types of Cookies we use, the functions they perform, and how you can control Cookies, please see our Cookie Notice.
 
 
HOW, WHY, AND WHAT PERSONAL INFORMATION WE SHARE WITH THIRD PARTIES
 
We may share and disclose your personal information (as identified in the section What Personal Information We Collect solely for legitimate business or legal purposes as described in this Notice and in accordance with applicable law, with the following third parties:
  • RingCentral or any of its worldwide affiliates. A list of our current group companies is available on our public filings.
  • Business partners (e.g., resellers and other authorized third party agents) to market or sell our Services;
  • Service providers, contractors, vendors or agents who operate on our behalf to:
    • Operate, deliver, improve and customize our Websites, Apps, and Services;
    • Provide support and technical services;
    • Send marketing and other operational communications related to our Websites, Apps, and Services;
    • Enforce our acceptable use policy;
    • Conduct analytics in order to improve your experience using RingCentral Websites, Apps and Services; and
    • Provide offers and advertisements to customers based on their interests and interactions with us.
  • Any third parties as part of, or in connection with, an actual or prospective corporate business transaction, such as a sale, merger, acquisition, joint venture, financing, corporate change, reorganization or insolvency, bankruptcy or receivership;
  • Law enforcement agencies, regulatory or governmental bodies, or other third parties in order to respond to legal process, comply with any legal obligation; protect or defend our rights, interests or property or that of third parties; or prevent or investigate wrongdoing in connection with the Website, Apps or our Services; and/or
  • Other third parties with your consent.
 
 
HOW WE RESPECT YOUR PRIVACY RIGHTS
 
We provide you with the opportunity to access, review, modify, and delete your personal information that we process.
 
Requests from End Users regarding personal information we process on behalf of our Customers as a Data Processor
 
In general, when processing the content of communications such as voicemails, faxes, recordings etc. in connection with our Services, we do so on behalf of our Customers and in accordance with their instructions as a data processor. This means that if you believe RingCentral may have collected or stored personal information about you on behalf of a RingCentral customer as a data processor or if you wish to access, review, modify or delete any content of your communications, under applicable law or otherwise, you should direct your request to that Customer.
 
Your Additional Privacy Rights as an EEA/UK/Swiss Resident
 
  • Access: You can request more information about the personal information we hold about you. You can request to download a copy of the personal information.
  • Rectification: If you believe that any personal information we are holding about you is incorrect or incomplete, you can request that we change, correct, or supplement the data. If you are a customer, you can also correct some of this information directly by logging into your Service account. Please contact us as soon as possible if you notice any inaccuracy or incompleteness.
  • Objection: You can let us know that you object to the collection or processing of your personal information for certain purposes.
  • Restriction of Processing: You can ask us to restrict further processing of your personal information. (This just means you can ask us to stop using it for the reasons we have been using it.) This may mean that we have to delete your account.
  • Erasure: You can request that we erase some or all of your personal information from our systems. You can also delete some of this information directly by logging into your Service account, if you are a customer.
  • Portability: You can ask for a downloadable copy of your personal information in a machine-readable format. You can also request that we transmit the data to someone else where it’s technically possible.
  • Withdrawal of Consent: If you have consented to our use of personal information for a specific purpose, you have the right to change your mind at any time. Any such decision will not affect any processing that has already occurred nor will it affect processing of your personal information conducted in reliance of lawful processing grounds other than consent. Withdrawing your consent may mean your access to the Services will be limited or suspended, and your accounts may be terminated, as applicable. Where you withdraw your consent, but we are using your information because we or a third party (e.g. your employer) have a legitimate interest in doing so, or we have different legal basis for using your information (for example, fulfilling a contract with you), we may continue to process your information, subject to your rights to access and control your information.
  • Right to File Complaint: You have the right to lodge a complaint about RingCentral’s practices with respect to your personal information with your supervisory authority (contact details available here: for the EU; for the UK; and for Switzerland).
  • No Automated Decision Making: We do not undertake decision-making about you based solely on automated processing, including profiling; however, certain features of our Services could be used by our customers for decision-making purposes.
 
Your Additional Privacy Rights as a Resident of Certain U.S. states
 
The rights described in this section apply only if you are a resident of a state within the United States that has an applicable and effective privacy law providing for the below rights.
 
  • Data portability: You can ask for a downloadable copy of your personal information in a machine-readable format. You can also request that we transmit the data to someone else where it’s technically possible.
  • Knowledge and access: You may have the right to know more about personal information that we have collected and disclosed in the preceding 12 months. You may be able to access, receive details on collection, the purpose of processing, and any sharing that may have occurred.
  • Deletion: You have the right to request RingCentral to delete the personal information we have collected about you under certain circumstances.
  • Non-discrimination for the exercise of your privacy rights: You have the right to not receive discriminatory treatment by RingCentral for the exercise of your privacy rights.
  • Rectification: If you believe that any personal information we are holding about you is incorrect or incomplete, you can request that we change, correct, or supplement the data. You can also correct some of this information directly by logging into your account, if you are a customer. Please contact us as soon as possible if you notice any inaccuracy or incompleteness.
  • Opt-out of selling or sharing your personal information: You have the right to request RingCentral to stop sharing your personal information for the purposes of cross-context behavioral advertising or targeted advertising. You may opt out of having your cookie identifiers used for this type of sharing by turning on the Global Privacy Control at the browser level. RingCentral does not sell your personal information as may be commonly understood. However, you may opt out of having your personal information shared with certain vendors that we use for providing insights about user interactions with our website and for delivering ads to you.
  • No Automated Decision Making: We do not undertake any decision making about you based solely on automated processing, including profiling; however, certain features of our Services could be used by our customers for decision-making purposes.
 
We will not share your personal information with third parties for the third parties’ direct marketing purposes unless you have agreed to such disclosure.
 
We will verify your request using your name and email. Depending on the nature of your request, we may need additional information to verify your identity. You may authorize an agent to make a request on your behalf to exercise your privacy rights under applicable California privacy laws.
 
If you are a Colorado resident, you may have the right to appeal RingCentral’s denial of an individual rights request.
 
To exercise your rights or to allow your authorized agent to exercise your rights, please submit, or have your authorized agent submit, a ticket through our Data subject access request portal, or contact our Privacy Team at privacy@ringcentral.com.
 
 
Unsubscribe from our mailing list
 
You can manage your communication preferences through the following methods:
 
These choices do not apply to service notifications or other required communications that are considered part of certain Apps and Services, which you may receive periodically unless you stop using or cancel the App or Service in accordance with its terms and conditions.
 
 
 
HOW WE KEEP YOUR PERSONAL INFORMATION SECURED
 
Keeping your information secure is important to us. We have taken appropriate steps designed to reduce the risk that your personal information may be subject to loss, misuse, unauthorized access, disclosure, alteration or destruction.
 
For more information on RingCentral security measures, please visit the Security Trust Center.
 
 
 
HOW LONG WE RETAIN YOUR PERSONAL INFORMATION
 
We will retain your personal information for no longer than is necessary to fulfill the purposes for which the information was originally collected unless a longer retention period is required or permitted by law, for legal, tax or regulatory reasons, or other legitimate and lawful business purposes.
 
Where we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it.
 
 
 
INTERNATIONAL DATA TRANSFERS
 
Your personal information may be transferred to, and processed in, countries other than the country in which you are resident. Specifically, information collected in the European Economic Area (“EEA”) and the UK, may be transferred to and stored on our servers in the United States and Switzerland, and potentially in other countries where our group companies and third-party service providers and partners operate. These countries may have data protection laws that are different to the laws in your country (and in some cases, may not be as protective).
 
Data Privacy Frameworks (EU-U.S. DPF, UK Extension, Swiss-U.S. DPF)
RingCentral Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. RingCentral has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.  RingCentral has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
 
Data processed and purposes of data processing
Please see the relevant sections of this Notice, sections WHAT PERSONAL INFORMATION WE COLLECT  and HOW WE USE YOUR PERSONAL INFORMATION, for information regarding the data categories processed by RingCentral as a controller on our own behalf and the purposes.
As a processor to our customers, RingCentral processes personal data that customers choose to submit to the services as customer-generated content, call detail records, usage data, and account information. The purposes for such processing is the provision, maintenance, support, and improvement of the services.
 
Type of third parties to which RingCentral discloses personal data and purposes
Please see the relevant section of this Notice:  HOW, WHY, AND WHAT PERSONAL INFORMATION WE SHARE WITH THIRD PARTIES for more information regarding the type of third parties to which RingCentral discloses personal data and for what purposes.
 
Independent Recourse Mechanism 
If you have any questions, comments or concerns about this Notice, you may contact us at privacy@ringcentral.com. In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, RingCentral commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF. Under certain conditions, individuals may invoke binding arbitration through the Data Privacy Framework Panel. For more information, please see Annex I of the EU-U.S. Data Privacy Framework Principles.
 
Enforcement Authority
The Federal Trade Commission has jurisdiction over RingCentral’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).
 
Lawful Requests for Personal Information
Please see https://www.ringcentral.com/legal/policies/data-request-guidelines.html for information regarding how RingCentral responds to lawful requests by public authorities for RingCentral to disclose personal information.
 
Individual rights to access and to limit use and disclosure
Please see the relevant section in this Notice HOW WE RESPECT YOUR PRIVACY RIGHTS  for information regarding how individuals can exercise their rights to access their personal data and to limit the use and disclosure of their personal data.
 
Liability for Onward Transfers
In the context of an onward transfer, RingCentral has responsibility for the processing of personal information it receives under the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF and subsequently transfers to a third party acting as an agent on its behalf.  RingCentral shall remain liable under the EU-U.S. DPF Principles if its agent processes such personal information in a manner inconsistent with the Principles, unless RingCentral proves that it is not responsible for the event giving rise to the damage.
 
Standard Contractual Clauses
RingCentral has taken (i) appropriate safeguards, including adherence to the Standard Contractual Clauses adopted by the European Commission for the transfer of your personal information outside the EEA, the UK and Switzerland to RingCentral, and (ii) further technical and organizational measures to ensure that personal information will remain protected in accordance with this Notice and any applicable laws.
 
 
 
CHILDREN’S PRIVACY
 
RingCentral does not knowingly provide products or services directly to children under the age of 16, or knowingly collect or solicit personal information from or about children under the age of 16 outside of the school offering, which is subject to the Children’s COPPA notice. If you believe that a child under the age of 16 has disclosed personal information to RingCentral outside of the school offering, please contact privacy@ringcentral.com.
 
If you have received a meeting invitation for your child from a teacher or school, or for information regarding how RingCentral handles personal data as part of the school offering, please visit: www.ringcentral.com/legal/childrens-privacy-notice-school-parental-notification.
 
 
 
THIRD-PARTY SITES
 
This Notice does not apply to, nor are we responsible for, the privacy, information or other practices of any third parties, including any third party operating any site or service to which the Website or Apps link including but not limited to social media sites. The inclusion of a link on the Website or Apps does not imply our endorsement of the linked site or service. You should check the privacy notices of those sites before providing your personal information to them.
 
 
 
BLOGS AND FORUMS
 
Our Website offers publicly accessible blogs or community forums. You should be aware that any information you provide in these areas is public and may be read, collected, and used by others who access them and may remain on the public forum indefinitely. To request removal of your personal information from our blog or community forum, you can submit a request through our online portal. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why. We encourage all users to exercise caution when providing personal information in blogs and community forums.
 
 
 
UPDATES TO THIS NOTICE
 
We may update this Notice from time to time in response to changing legal, technical, or business developments. If we make changes to our Notice, we will post those changes on this page in addition to updating the “Last Updated” or effective date at the top of this webpage. If we make material changes, we will notify you either by emailing you or by posting a notice of such changes prominently on this page prior to such material changes taking effect.
 
 
CONTACT US
 
If you have any questions, comments or concerns about this Notice, please e-mail our data protection officer at privacy@ringcentral.com. Or, you can write to us at:
RingCentral, Inc.
Attn: RingCentral Chief Privacy Officer
20 Davis Drive,
Belmont, California 94002 USA