- About Your Privacy & This Policy
- Information Collection, Use, and Disclosure
- Visitor Data: Harbor Light Coaching collects, uses, and stores data regarding user visits to the website, including the particular pages visited or viewed by the user, the amount of time the user spent on the website or application, website errors experienced by the user, and information about the browser or device used to access the website and application, such as the user’s mobile device ID and IP address.Chat Function Data: This data includes any message you submit using the “Send us a message” chat function (hereinafter “Chat Function”) in the lower right-hand corner of the home page of the website. This data includes the content of your messages, the date and time of submission, whether the user opens the chat function, and whether the user hits the “send” button. Grief Assessment Data: This data includes any of the responses to the prompts on the website’s grief assessment tool, including your first name, last name, email, your answers to the questions in the prompt, whether you hit the “submit” button, and how much time is spent on the page. Your submission on this tool may be reviewed by someone at Harbor Light for intake purposes. “Let’s Keep in Touch” Data: This data includes any of the responses to the prompts on the website’s “Let’s Keep in Touch” page, including your name, phone number, the kind of loss you have experienced, and any other information you provide on this page, including whether you hit the “share with Nesreen” button, and how much time is spent on the page. Enrollment Data: This data includes any information submitted on our pages to enroll in a session, including your email, name, phone number, whether you hit the “continue” button, what kind of session you have enrolled in, and how much time is spent on the page.
- Purposes for which this information is Used: We may use the information we collect for one or more of the following purposes:
- Communication with You: To contact you or provide you with information, updates, alerts as to the website. To verify your identity. To complete the activity you requested, such as scheduling an appointment or a grief assessment. To reach out to you, either ourselves or using the appropriate authorities, if we have a good reason to believe that you or any other person may be in danger or may be either the cause or the victim of a criminal act.Administration & Improvement of ServicesTo supervise, administer, and monitor the Website. To measure and improve the quality, effectiveness, and delivery of our services. CustomizationTo personalize the website experience and to deliver content and product and service offerings relevant to individual interests, including targeted offers and ads through our websites, and via email. Compliance with LawTo respond to law enforcement requests and as required by applicable law, court order, or governmental regulations. To comply with applicable state and federal laws, including, but not limited to laws related to protecting client and public health and safety. Other Uses with ConsentAny other purpose with your consent.
- Purposes for Which Information is Disclosed to Third Parties: Information about you may be disclosed to third parties for one or more of the following purposes:
- Business Purposes: As necessary for facilitating the grief counseling services, we may share a user’s information with a third party. We may also share your information with vendors and service providers, including our data hosting and data storage partners, analytics and vendors providing technology services and support, payment processing, and data security. We also may share information with professional advisers, such as auditors, law firms, and accounting firms.
- With Your Direction or Consent: We may share your information with third parties if you request or direct us to do so.
- Compliance with Law: We may share your information with a court, a regulatory entity, law enforcement personnel, or pursuant to a subpoena, to comply with applicable law or any obligations thereunder.
- In the Context of a Transaction: We may share your information in connection with an asset sale, merger, bankruptcy, or other business transaction.
Note that if you make any information publicly available on the Website, anyone may see and use such information.
- Cookies and Web Beacons: Like many websites, we use “cookies” and “web beacons” to collect information. A “cookie” is a small data file that is transferred to your computer’s hard disk for record-keeping purposes. We collect cookies that are necessary for the Platform to function, cookies that enhance the Platform’s performance, and cookies used for third-party tracking. A “web beacon” is a tiny and sometimes invisible image or embedded code, placed on a Web page or email that can report your visit or use to a third party. Web beacons are typically used by third parties to monitor the activity of users at a website for the purpose of web analytics, advertising optimization, or page tagging. Additional information regarding web beacons is available here. You can change your browser’s settings so it will stop accepting cookies and web beacons or to prompt you before accepting a cookie or web beacon.
- Phishing: “Phishing” takes place when a fraudster poses as a legitimate operation, and then uses that operation to take the personal information that you have provided. You should always be diligent when you are being asked for your account information and you must always make sure you do that in our secure system. We will never request your login information or your credit card information in any non-secure or unsolicited communication (email, phone or otherwise).
- Security of Information: Although our systems are built with your security and privacy in mind, no Internet-based service is 100 percent effective. We apply best practices to prevent any unauthorized access, use, and disclosure. We comply with all applicable federal laws, state laws, and regulations regarding data privacy.
- Service Providers: We may employ third-party companies and individuals to facilitate our website, to perform certain tasks that are related to the website, or to provide audit, legal, operational or other services for us. These tasks include, but are not limited to, customer service, technical maintenance, monitoring, email management and communication, database management, billing and payment processing, reporting, and analytics. We will share with them only the minimum necessary information to perform their task for us and only after entering into appropriate confidentiality agreements.
- Children’s Privacy: We do not knowingly collect or solicit any information from anyone under the age of 13 or knowingly allow such persons to become our user. The Platform is not directed and not intended to be used by children under the age of 13. If you are aware that we have collected Personal Information from a child under age 13, please let us know by contacting us and we will delete that information.
- Compliance with Laws and Law Enforcement: We cooperate with government and law enforcement officials to enforce and comply with the law. We may disclose information necessary or appropriate to protect the safety of the public or any person, to respond to claims and legal process (including but not limited to subpoenas), and to prevent or stop activity that may be illegal or dangerous. You should also be aware that Nesreen Ahmed may be obliged to disclose information to law enforcement or other authorities to conform to her professional and legal responsibilities. Specifically, and without limitation, you should be aware that the law requires mental health professionals to disclose information and/or take action in the following cases: (a) reported or suspected abuse of a child or vulnerable adult; (b) serious suicidal potential; (c) threatened harm to another person; (d) court-ordered presentation of treatment.
Additional Privacy Statement for EU, EEA and UK Users
If you are located in the European Union (EU), the European Economic Area (EEA) or the United Kingdom (UK), in certain circumstances, you have the right to exercise certain privacy rights available to you under applicable laws. We will process your request in accordance with applicable data protection laws.
- Right Not to Provide Consent or to Withdraw Consent: We may seek to rely on your consent to process certain personal data. Where we do so, you have the right to decline or withdraw your consent at any time. This does not affect the lawfulness of the processing based on consent before its withdrawal.
- Right of Access and/or Portability: You may have the right to request that we disclose certain information to you about our data collection and, in some limited circumstances, have that data provided to you so that you can provide or “port” that data to another provider.
- Correction: You have the right to correct any inaccurate personal data held relating to you.
- Right of Erasure: In certain circumstances, you may have the right to erase personal data that we hold about you (for example, if it is no longer necessary for the purposes for which it was originally collected, unless we have a legal obligation to retain your personal data or are required to retain your personal data for reasons of public interest or for the establishment, exercise or defense of legal claims).
- Right to Object to Processing: You may have the right to request that Harbor Light Coaching stop processing your personal data and/or to stop sending you marketing communications.
- Right to Rectification: You may have the right to require us to correct any inaccurate or incomplete personal data that we may hold on you.
- Right to Restrict Processing: You may have the right to request that we restrict processing your personal data in certain circumstances (for example, where you believe that the personal data we hold about you is not accurate or lawfully held).
- Right to File a Complaint to Your Local Data Protection Authority: You have the right to complain to your applicable data protection authority about our collection and use of your personal data.
How to Exercise Your Rights
To exercise any of the rights above, email us at [email protected].
Please identify yourself and specify your request. We will ask you to provide additional verification information. What we request will depend on the nature of your request, how sensitive the information is, and how harmful unauthorized disclosure or deletion would be.
Please note that a number of these rights only apply in certain circumstances and that all of these rights may be limited by law (for example, where fulfilling your request would adversely affect other individuals or our trade secrets or intellectual property, where there are overriding public interests, or where we are required by law to retain your personal data).
We use commercially reasonable efforts to delete your personal data as required but retain records where necessary to comply with a governmental authority or applicable law. Where legally permitted, we may decline to process requests, including requests that are unreasonably repetitive or systematic, require disproportionate technical effort, or jeopardize the privacy of others.
How Do We Share Your Personal Data? We do not sell or rent your personal data to third parties, but we share your information with third parties in order to provide our services. For example, we might share your personal data for:
- Legal Compliance and Security Reasons (Including to Protect Our Services and Business, in Our Legitimate Interests or as Required by Law): We may disclose your account and other personal data if we believe it is necessary to comply with the law, a court order, governmental regulations, or other legal process, or to protect the rights, property, or safety of Harbor Light Coaching, yourself, or others. This includes exchanging personal data with other companies and organizations for fraud protection and credit risk reduction or with regulators, law enforcement agencies, public authorities, or any other relevant organizations:
- in response to a legal obligation;
- if we have determined that it is necessary to share your personal data to comply with applicable law or any obligations thereunder, including cooperation with law enforcement, judicial orders, and regulatory inquiries;
- to protect the interests of, and ensure the safety and security, of us, our users, a third party or the public;
- to exercise or defend legal claims; and
- With service providers and vendors for a business purpose or to perform on a contract with you. We only make these business purpose disclosures under written contracts that describe the purposes, require the recipient to keep the personal information confidential, and prohibit using the disclosed information for any purpose except performing the contract. Some of these third-party service providers include:
- data analytics vendors used to monitor and analyze the use of our service, or other third-party vendors that we use to provide our Website to you;
- security vendors;
- website hosting vendors;
- other vendors helping us to provide the service; and
- payment processors.
These service providers assist us with many different functions and tasks, such as providing data storage and disaster recovery services and communicating with you.
- To process your requests, purchases, transactions, and payments and prevent transactional fraud.
- With professional advisors, in our legitimate interests or as required by law. As necessary, we will share your personal data with professional advisors functioning as service providers, such as auditors, law firms, or accounting firms.
- With our affiliates, in our legitimate interests. We may share your personal data with companies within our corporate family.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our Website users is among the assets transferred.
We may also provide third parties with aggregate statistics, traffic patterns and related information. This aggregate information reflects the service-usage patterns of visits to our services each month, but they do not contain information that personally identifies you.
We are required by law to obtain, verify, and record personal information—such as your name, address and date of birth—in order to confirm your identity and banking information.
Harbor Light Coaching collects, retains, and uses private information from employees and subcontractors, including the following:
- Information Harbor Light Coaching receives on applications or other forms, including, but not limited to, identifying information such as address, telephone number, e-mail address, social security number, or date of birth;
- Tax ID #; and
- Background security checks.
Information Harbor Light Coaching May Share
Harbor Light Coaching operates globally, which means personal data may be stored and processed (for example stored in a data center) in any country where we or our service providers have facilities or hold events. By using Harbor Light Coaching or providing personal data for any of the purposes stated above, you acknowledge that your personal data may be transferred to or stored in the United States or in other countries around the world. Such countries may have data protection rules that are different and less protective than those of your country.
If you are a resident of the EU, EEA or UK, and your personal data is transferred outside of the EU, EEA or the UK, as applicable, we transfer this data where this is necessary to perform our contract with you in order to provide the services or where you consent.
We will retain your information in accordance with the appropriate statutory limitation periods as required by local law, in line with our legitimate business purposes for as long as your account is active, or for as long as needed to provide you with the services, as required in order to comply with our legal obligations, a court order or to defend or pursue legal claims, in line with industry codes of practice, and/or to resolve disputes and enforce our agreements.
Effective Date: February 1, 2022
Last [Updated/Reviewed] on: February 1, 2022
Where noted in this Policy, the CCPA temporarily exempts personal information reflecting a written or verbal business-to-business communication (“B2B personal information”) from some its requirements.
We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“personal information”). Personal information does not include:
- Publicly available information from government records.
- De-identified or aggregated consumer information.
- Information excluded from the CCPA’s scope, such as:
- Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA), clinical trial data, or other qualifying research data; or
- Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.
In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months:
|A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.
|B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
|A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. N.B. Some personal information included in this category may overlap with other categories.
|C. Protected classification characteristics under California or federal law.
|Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
|D. Commercial information.
|Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
|E. Biometric information.
|Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.
|F. Internet or other similar network activity.
|Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.
|G. Geolocation data.
|Physical location or movements.
|H. Sensory data.
|Audio, electronic, visual, thermal, olfactory, or similar information.
|I. Professional or employment-related information.
|Current or past job history or performance evaluations.
|J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).
|Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.
|K. Inferences drawn from other personal information.
|Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
We obtain the categories of personal information listed above from the following categories of sources:
- Directly from you. For example, from forms you complete or products and services you purchase.
- Indirectly from you. For example, from observing your actions on our Website.
Use of Personal Information
We may use, or disclose the personal information we collect for one or more of the following purposes:
- To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to request a price quote or ask a question about our products or services, we will use that personal information to respond to your inquiry. If you provide your personal information to purchase a product or service, we will use that information to process your payment and facilitate delivery. We may also save your information to facilitate new product orders or process returns.
- To provide, support, personalize, and develop our Website, products, and services.
- To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
- To personalize your Website experience and to deliver content and product and service offerings relevant to your interests, including targeted offers and ads through our Website, third-party sites, and via email or text message (with your consent, where required by law).
- To help maintain the safety, security, and integrity of our Website, products and services, databases and other technology assets, and business.
- For testing, research, analysis, and product development, including to develop and improve our Website, products, and services.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- As described to you when collecting your personal information or as otherwise set forth in the CCPA.
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
We may share your personal information by disclosing it to a third party for a business purpose. We only make these business purpose disclosures under written contracts that describe the purposes, require the recipient to keep the personal information confidential, and prohibit using the disclosed information for any purpose except performing the contract. In the preceding twelve (12) months, Company has disclosed personal information for a business purpose to the categories of third parties indicated in the chart below.
We do not sell personal information. For more on your personal information sale rights, see Personal Information Sales Opt-Out and Opt-In Rights.
|Personal Information Category
|Category of Third-Party Recipients
|Business Purpose Disclosures
|B: California Customer Records personal information categories.
|C: Protected classification characteristics under California or federal law.
|D: Commercial information.
|E: Biometric information.
|F: Internet or other similar network activity.
|G: Geolocation data.
|H: Sensory data.
|I: Professional or employment-related information.
|J: Non-public education information.
|K: Inferences drawn from other personal information.
The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months (the “right to know”). Once we receive your request and confirm your identity (see Exercising Your Rights to Know or Delete), we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties with whom we share that personal information.
- If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
- sales, identifying the personal information categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
- The specific pieces of personal information we collected about you (also called a data portability request).
We do not provide a right to know or data portability disclosure for B2B personal information.
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions (the “right to delete”). Once we receive your request and confirm your identity (see Exercising Your Rights to Know or Delete), we will review your request to see if an exception allowing us to retain the information applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
We will delete or de-identify personal information not subject to one of these exceptions from our records and will direct our service providers to take similar action.
We do not provide these deletion rights for B2B personal information.
To exercise your rights to know or delete described above, please submit a request by either:
- Calling us at (917) 830-6863.
- Emailing us at [email protected].
Only you, or someone legally authorized to act on your behalf, may make a request to know or delete related to your personal information.
You may also make a request to know or delete on behalf of your child by reaching us at the aforementioned phone number or email address.
You may only submit a request to know twice within a 12-month period. Your request to know or delete must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include:
- A California state ID.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
You do not need to create an account with us to submit a request to know or delete. However, we do consider requests made through your password-protected account sufficiently verified when the request relates to personal information associated with that specific account.
We will only use personal information provided in the request to verify the requestor’s identity or authority to make it.
For instructions on exercising your sale opt-out or opt-in rights, see Personal Information Sales Opt-Out and Opt-In Rights.
We will confirm receipt of your request within ten (10) business days. If you do not receive confirmation within the 10-day timeframe, please follow up at the email and phone number listed above.
We endeavor to substantively respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to another 45 days), we will inform you of the reason and extension period in writing.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
If you are age 16 or older, you have the right to direct us to not sell your personal information at any time (the “right to opt-out”). We do not sell the personal information of consumers we actually know are less than 16 years old. Consumers who opt-in to personal information sales may opt-out of future sales at any time.
To exercise the right to opt-out, you (or your authorized representative) may submit a request to us by visiting the following Internet Web page link:
[Do Not Sell My Personal Information”]
Once you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorize personal information sales. However, you may change your mind and opt back in to personal information sales at any time by:
Opt-In Instructions or URL Link
You do not need to create an account with us to exercise your opt-out rights. We will only use personal information provided in an opt-out request to review and comply with the request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.
California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to [email protected].
Phone: (917) 830-6863.
Email: [email protected].
If you need to access this Policy in an alternative format due to having a disability, please contact us at the above phone number and email address.