Privacy Policy

PLEASE READ THIS PRIVACY POLICY CAREFULLY BEFORE USING THIS WEBSITE.

Privacy Policy Consent

The Website and its Content is owned by Ngoc ‘Michelle’ Turner, LMFT and owner of The Therapist Within PLLC (“Company”, “we”, or “us”). The term “you” refers to the user or viewer of our Website (“Website”).

This Privacy Policy describes how we collect, use, process and distribute your information, including Personal Data (as defined below) used to access this Website. We will not use or share your information with anyone except as described in this Privacy Policy. The use of information collected through our Website shall be limited to the purposes under this Privacy Policy, and also our Terms of Use if you’re a client or customer.

Please read this Privacy Policy carefully. We reserve the right to change this Privacy Policy on the Website at any time without notice. In the event of a material change, we will let you know via email and/or a prominent notice on our Website.

Use of any personal information or contribution that you provide to us, or which is collected by us on or through our Website or its content is governed by this Privacy Policy.  By using our Website or its content, you consent to this Privacy Policy, whether or not you have read it. 

Information We May Collect

We collect personal information from you so that we can provide you with a positive experience when utilizing our Website or content.  We will only collect the minimum amount of information necessary for us to fulfill our obligation to you.  We may collect:

  1. A name and an email address so we can deliver our newsletter to you - you would be affirmatively consenting to this by providing this information to us in our contact forms.

  2. Billing information including name, address and credit card information so that we can process payment to deliver our products or services to you under our contractual obligation.

  3. A name and an email address if you complete our contact form with a question. We may send you marketing emails with either your consent or if we believe we have a legitimate interest to contact you based on your contact or question.

  4. Information from you from a co-branded offer. In this case, we will make clear as to who is collecting the information and whose privacy policy applies. If both / all parties are retaining the information you provide, this will also be made clear, as will links to all privacy policies.

Please note that the information above (“Personal Data”) that you are giving to us is voluntary, and by providing this information to us you are giving consent for us to use, collect and process this Personal Data. You are welcome to opt-out or request for us to delete your Personal Data at any point by contacting us at help@mallorygrimste.com.

If you choose not to provide us with certain Personal Data, you may not be able to participate in certain aspects of our Website or Content.

Other Information We May Collect

1.      Anonymous Data Collection and Use

To maintain our Website’s high quality, we may use your IP address to help diagnose problems with our server and to administer the Website by identifying which areas of the Website are most heavily used, and to display content according to your preferences. Your IP address is the number assigned to computers connected to the Internet. This is essentially "traffic data" which cannot personally identify you, but is helpful to us for marketing purposes and for improving our services. Traffic data collection does not follow a user’s activities on any other websites in any way. Anonymous traffic data may also be shared with business partners and advertisers on an aggregate basis.

2.      Use of "Cookies"

We may use the standard "cookies" feature of major web browsers. We do not set any personally identifiable information in cookies, nor do we employ any data-capture mechanisms on our Website other than cookies. You may choose to disable cookies through your own web browser’s settings. However, disabling this function may diminish your experience on our Website and some features may not work as intended.

What We Do with Information We Collect

 1.      Contact You

We may contact you with information that you provide to us based on these lawful grounds for processing:

a) Consent. We may contact you if you give us your clear, unambiguous, affirmative consent to contact you.

b) Contract.  We will contact you under our contractual obligation to deliver goods or services you purchase from us.

c) Legitimate Interest.  We may contact you if we feel you have a legitimate interest in hearing from us.  For example, if you sign up for a webinar, we may send you marketing emails based on the content of that webinar.  You will always have the option to opt out of any of our emails.

 2.      Process Payments

We will use the Personal Data you give to us in order to process your payment for the purchase of goods or services under a contract. We only use third party payment processors that take the utmost care in securing data and comply with the GDPR. 

3.      Targeted Social Media Advertisements

We may use the data you provide to us to run social media advertisements and/or create look-alike audiences for advertisements.

4.      Share with Third Parties

We may share your information with trusted third parties such as our newsletter provider in order to contact you via email, or our merchant accounts to process payments, and Google / social media accounts in order to run advertisements and our affiliates.

Viewing by Others

Note that whenever you voluntarily make your Personal Data available for viewing by others online through this Website or its content, it may be seen, collected and used by others, and therefore, we cannot be responsible for any unauthorized or improper use of the information that you voluntarily share (i.e., sharing a comment on a blog post, posting in a Facebook group that we manage, sharing details on a group coaching call, etc.).

Submission, Storage, Sharing and Transferring of Personal Data

Personal Data that you provide to us is stored internally or through a data management system. Your Personal Data will only be accessed by those who help to obtain, manage or store that information, or who have a legitimate need to know such Personal Data (i.e., our hosting provider, newsletter provider, payment processors or team members).

It is important to note that we may transfer data internationally. For users in the European Union, please be aware that we transfer Personal Data outside of the European Union. By using our Website and providing us with your Personal Data, you consent to these transfers in accordance with this Privacy Policy.

Data Retention

We retain your Personal Data for the minimum amount of time necessary to provide you with the information and/or services that you requested from us. We may include certain Personal Data for longer periods of time if necessary for legal, contractual and accounting obligations.

Confidentiality

We aim to keep the Personal Data that you share with us confidential. Please note that we may disclose such information if required to do so by law or in the good-faith belief that: (1) such action is necessary to protect and defend our rights or property or those of our users or licensees, (2) to act as immediately necessary in order to protect the personal safety or rights of our users or the public, or (3) to investigate or respond to any real or perceived violation of this Privacy Policy or of our Disclaimer, Terms and Conditions, or any other Terms of Use or agreement with us.

Passwords

To use certain features of the Website or its content, you may need a username and password. You are responsible for maintaining the confidentiality of the username and password, and you are responsible for all activities, whether by you or by others, that occur under your username or password and within your account. We cannot and will not be liable for any loss or damage arising from your failure to protect your username, password or account information. If you share your username or password with others, they may be able to obtain access to your Personal Data at your own risk.

You agree to notify us immediately of any unauthorized or improper use of your username or password or any other breach of security. To help protect against unauthorized or improper use, make sure that you log out at the end of each session requiring your username and password.

We will use our best efforts to keep your username and password(s) private and will not otherwise share your password(s) without your consent, except as necessary when the law requires it or in the good faith belief that such action is necessary, particularly when disclosure is necessary to identify, contact or bring legal action against someone who may be causing injury to others or interfering with our rights or property.

How You Can Access, Update or Delete Your Personal Data

You have the right to:

  1. Request information about how your Personal Data is being used and request a copy of what Personal Data we use.

  2. Restrict processing if you think the Personal Data is not accurate, unlawful, or no longer needed.

  3. Rectify or erase Personal Data and receive confirmation of the rectification or erasure. (You have the “right to be forgotten”).

  4. Withdraw your consent at any time to the processing of your Personal Data.

  5. Lodge a complaint with a supervisory authority if you feel we are using your Personal Data unlawfully.

  6. Receive Personal Data portability and transference to another controller without our hindrance.

  7. Object to our use of your Personal Data.

  8. Not be subject to an automated decision based solely on automatic processing, including profiling, which legally or significantly affects you.

Unsubscribe

You may unsubscribe from our e-newsletters or updates at any time through the unsubscribe link at the footer of all email communications. If you have questions or are experiencing problems unsubscribing, please contact us at michelle@mytherapistwithin.com.

Security

We take commercially reasonable steps to protect the Personal Data you provide to us from misuse, disclosure or unauthorized access. We only share your Personal Data with trusted third parties who use the same level of care in processing your Personal Data as we do. That being said, we cannot guarantee that your Personal Data will always be secure due to technology or security breaches. Should there be a data breach of which we are aware, we will inform you immediately.

Anti-Spam Policy

We have a no spam policy and provide you with the ability to opt-out of our communications by selecting the unsubscribe link at the footer of all e-mails. We have taken the necessary steps to ensure that we are compliant with the CAN-SPAM Act of 2003 by never sending out misleading information. We will not sell, rent or share your email address.

Third Party Websites

We may link to other websites on our Website. We have no responsibility or liability for the content and activities of any other individual, company or entity whose website or materials may be linked to our Website or its content, and thus we cannot be held liable for the privacy of the information on their website or that you voluntarily share with their website. Please review their privacy policies for guidelines as to how they respectively store, use and protect the privacy of your Personal Data.

Children’s Online Privacy Protection Act Compliance

We do not collect any information from anyone under 18 years of age in compliance with COPPA (Children’s Online Privacy Protection Act) and the GDPR (General Data Protection Regulation of the EU). Our Website and its content is directed to individuals who are at least 18 years old or older.

Notification of Changes

We may use your Personal Data, such as your contact information, to inform you of changes to the Website or its content, or, if requested, to send you additional information about us. We reserve the right, at our sole discretion, to change, modify or otherwise alter our Website, its content and this Privacy Policy at any time. Such changes and/or modifications shall become effective immediately upon posting our updated Privacy Policy. Please review this Privacy Policy periodically. Continued use of any of information obtained through or on the Website or its content following the posting of changes and/or modifications constituted acceptance of the revised Privacy Policy. Should there be a material change to our Privacy Policy, we will contact you via email or by a prominent note on our Website.

Data Controller and Processors

We are the data controllers as we are collecting and using your Personal Data.  We use trusted third parties as our data processors for technical and organizational purposes, including for payments and email marketing. We use reasonable efforts to make sure our data processors are GDPR- compliant.

If you have any questions about this Privacy Policy, please contact us at michelle@mytherapistwithin.com or 12810 Hillcrest Rd, Suite B120, Dallas, TX 75230, USA. 


Last Updated: September 2021

NPP for Current Clients

NOTICE OF PRIVACY PRACTICES FOR THERAPY CLIENTS OF THE THERAPIST WITHIN PLLC (as stated, use of this website is not intended as therapy, and the NPP is only relevant for clients receiving therapeutic care from the therapist(s) of The Therapist Within PLLC.

THIS NOTICE DESCRIBES HOW YOUR MEDICAL INFORMATION MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

What is "Medical Information"?

     The term "medical information" is synonymous with the terms "personal health information" and "protected health information" for purposes of this Notice. It essentially means any individually identifiable health information (either directly or indirectly identifiable), whether oral or recorded in any form or medium, that 1) is created or received by a health care provider (me), health plan, or others and 2) relates to the past, present, or future physical or mental health or condition of an individual (you); the provision of health care (e.g., mental health) to an individual (you); or the past, present, or future payment for the provision of health care to an individual (you).

     I am a mental health care provider. More specifically, I am a Licensed Marriage and Family Therapist and a Licensed Chemical Dependency Counselor, licensed by the State of Texas. I create and maintain treatment records that contain individually identifiable health information about you. These records are generally referred to as "medical records" or "mental health records," and this notice, among other things, concerns the privacy and confidentiality of those records and the information contained therein.

Uses and Disclosures Without Your Authorization -

For Treatment, Payment, or Health Care Operations

     Federal privacy rules (regulations) allow health care providers (me) who have a direct treatment relationship with the patient (you) to use or disclose the patient's personal health information, without the patient's written authorization, to carry out the health care provider's own treatment, payment, or health care operations. I may also disclose your protected health information for the treatment activities of any health care provider. This too can be done without your written authorization.

     An example of a use or disclosure for treatment purposes: If I decide to consult with another licensed health care provider about your condition, I would be permitted to use and disclose your personal health information, which is otherwise confidential, in order to assist me in the diagnosis or treatment of your mental health condition.

Disclosures for treatment purposes are not limited to the minimum necessary standard. because physicians and other health care providers need access to the full record and/or full and complete information in order to provide quality care. The word "treatment" includes, among other things, the coordination and management of health care among health care providers or by a health care provider with a third party, consultations between health care providers, and referrals of a patient for health care from one health care provider to another.

     An example of a use or disclosure for payment purposes: If your health plan requests a copy of your health records, or a portion thereof, in order to determine whether or not payment is warranted under the terms of your policy or contract, I am permitted to use and disclose your personal health information.

     An example of a use or disclosure for health care operations purposes: If your health plan decides to audit my practice in order to review my competence and my performance, or to detect possible fraud or abuse, your mental health records may be used or disclosed for those purposes.

PLEASE NOTE: I, or someone in my practice acting with my authority, may contact you to provide appointment reminders or information about treatment alternatives or other health-related benefits and services that may be of interest to you. Your prior written authorization is not required for such contact.

Other Uses and Disclosures Without Your Authorization:

     I may be required or permitted to disclose your personal health information (e.g., your mental health records) without your written authorization. The following circumstances are examples of when such disclosures may or will be made:

1) If disclosure is compelled by a court pursuant to an order of that court

2) If disclosure is compelled by a board, commission, or administrative agency for purposes of adjudication pursuant to its lawful authority

3) If disclosure is compelled by a party to a proceeding before a court or administrative agency pursuant to a subpoena, subpoena duces tecum (e.g., a subpoena for mental health records), notice to appear, or any provision authorizing discovery in a proceeding before a court or administrative agency.

4) If disclosure is compelled by a board, commission, or administrative agency pursuant to an investigative subpoena issued pursuant to its lawful authority.

5) If disclosure is compelled by an arbitrator or arbitration panel, when arbitration is lawfully requested by either party, pursuant to a subpoena duces tecum (e.g., a subpoena for mental health records), or any other provision authorizing discovery in a proceeding before an arbitrator or arbitration panel.

6) If disclosure is compelled by a search warrant lawfully issued to a governmental law enforcement agency.

7) If disclosure is compelled by the patient or the patient's representative.

8) If disclosure is compelled or by the Texas Family Code (for example, if I have a reasonable suspicion of child abuse or neglect).

9) If disclosure is compelled by the Texas Human Resources Code (for example, if I have a reasonable suspicion of elder abuse or dependent adult abuse).

10) If disclosure is compelled or permitted by the fact that you are in such mental or emotional condition as to be dangerous to yourself or to the person or property of others, and if I determine that disclosure is necessary to prevent the threatened danger.

11) If disclosure is compelled or permitted by the fact that you tell me of a serious threat (imminent) of physical violence to be committed by you against a reasonably identifiable victim or victims.

12) If disclosure is compelled or permitted, in the event of your death, to the coroner in order to determine the cause of your death.

13) As indicated above, I am permitted to contact you without your prior authorization to provide appointment reminders or information about alternatives or other health-related benefits and services that may be of interest to you. Be sure to let me know where and by what means (e.g., telephone, letter, email, fax) you may be contacted.

14) If disclosure is required or permitted to a health oversight agency for oversight activities authorized by law, including but limited to, audits, criminal or civil investigations, or licensure or disciplinary actions.

15) If disclosure is compelled by the U. S. Secretary of Health and Human Services to investigate or determine my compliance with privacy requirements under the federal regulations (the "Privacy Rule").

16) If disclosure is otherwise specifically required by law.

PLEASE NOTE: The above list is not an exhaustive list, but informs you of most circumstances when disclosures without your written authorization may be made. Other uses and disclosures will generally (but not always) be made only with your written authorization, even though federal privacy regulations or state law may allow additional uses or disclosures without your written authorization. Uses or disclosures made with your written authorization will be limited in scope to the information specified in the authorization form, which must identify the information "in a specific and meaningful fashion." You may revoke your written authorization at any time, provided that the revocation is in writing and except to the extent that I have taken action in reliance on your written authorization. Your right to revoke an authorization is also limited if the authorization was obtained as a condition of obtaining insurance coverage for you. If Texas law protects your confidentiality or privacy more than the federal "Privacy Rule" does, or if Texas law gives you greater rights than the federal rule does with respect to access to your records, I will abide by Texas law. In general, uses or disclosures by me of your personal health information (without your authorization) will be limited to the minimum necessary to accomplish the intended purpose of the use or disclosure. Similarly, when I request your personal health information from another health care provider, health plan or health care clearinghouse, I will make an effort to limit the information requested to the minimum necessary to accomplish the intended purpose of the request. As mentioned above, in the section dealing with uses or disclosures for treatment purposes, the "minimum necessary" standard does not apply to disclosures to or requests by a health care provider for treatment purposes because health care providers need complete access to information in order to provide quality care.

Your Rights Regarding Protected Health Information

1) You have the right to request restrictions on certain uses and disclosures of protected health information about you, such as those necessary to carry out treatment, payment, or health care operations. I am not required to agree to your requested restriction. If I do agree, I will maintain a written record of the agreed upon restriction.

2) You have the right to receive confidential communications of protected health information from me by alternative means or at alternative locations.

3) You have the right to inspect and copy protected health information about you by making a specific request to do so in writing. This right to inspect and copy is not absolute - in other words, I am permitted to deny access for specified reasons. For instance, you do not have this right of access with respect to my "psychotherapy notes." The term "psychotherapy notes" means notes recorded (in any medium) by a health care provider who is a mental health professional documenting or analyzing the contents of conversation during a private counseling session or a group, joint, or family counseling session and that are separated from the rest of the individual's medical (includes mental health) record. The term excludes medication prescription and monitoring, counseling session start and stop times, the modalities and frequencies of treatment furnished, results of clinical tests, and any summary of the following items: diagnosis, functional status, the treatment plan, symptoms, prognosis, and progress to date.

4) You have the right to amend protected health information in my records by making a request to do so in a writing that provides a reason to support the requested amendment. This right to amend is not absolute - in other words, I am permitted to deny the requested amendment for specified reasons. You also have the right, subject to limitations, to provide me with a written addendum with respect to any item or statement in your records that you believe to be incorrect or incomplete and to have the addendum become a part of your record.

5) You have the right to receive an accounting from me of the disclosures of protected health information made by me in the six years prior to the date on which the accounting is requested. As with other rights, this right is not absolute. In other words, I am permitted to deny the request for specified reasons. For instance, I do not have to account for disclosures made in order to carry out my own treatment, payment or health care operations. I also do not have to account for disclosures of protected health information that are made with your written authorization, since you have a right to receive a copy of any such authorization you might sign.

6) You have the right to obtain a paper copy of this notice from me upon request.

PLEASE NOTE: In order to avoid confusion or misunderstanding, I ask that if you wish to exercise any of the rights enumerated above, that you put your request in writing and deliver or send the writing to me. If you wish to learn more detailed information about any of the above rights, or their limitations, please let me know. I am willing to discuss any of these matters with you. As mentioned elsewhere in this document, I am the Privacy Officer of this practice.

My Duties

     I am required by law to maintain the privacy and confidentiality of your personal health information. This notice is intended to let you know of my legal duties, your rights, and my privacy practices with respect to such information. I am required to abide by the terms of the notice currently in effect. I reserve the right to change the terms of this notice and/or my privacy practices and to make the changes effective for all protected health information that I maintain, even if it was created or received prior to the effective date of the notice revision. If I make a revision to this notice, I will make the notice available at my office upon request on or after the effective date of the revision and I will post the revised notice in a clear and prominent location.

     As the Privacy Officer of this practice, I have a duty to develop, implement and adopt clear privacy policies and procedures for my practice and I have done so. I am the individual who is responsible for assuring that these privacy policies and procedures are followed not only by me, but by any employees that work for me or that may work for me in the future. I have trained or will train any employees that may work for me so that they understand my privacy policies and procedures. In general, patient records, and information about patients, are treated as confidential in my practice and are released to no one without the written authorization of the patient, except as indicated in this notice or except as may be otherwise permitted by law. Patient records are kept secured so that they are not readily available to those who do not need them.

     Because I am the Contact Person of this practice, you may complain to me and to the Secretary of the U.S. Department of Health and Human Services if you believe your privacy rights may have been violated either by me or by those who are employed by me. You may file a complaint with me by simply providing me with a writing that specifies the manner in which you believe the violation occurred, the approximate date of such occurrence, and any details that you believe will be helpful to me. My telephone number is 469-518-8025. I will not retaliate against you in any way for filing a complaint with me or with the Secretary. Complaints to the Secretary must be filed in writing. A complaint to the Secretary can be sent to U.S Department of Health and Human Services, Region VI, Office for Civil Rights, U.S. Department of Health and Human Services, 1301 Young Street, Suite 1169, Dallas, TX 75202. Voice Phone (214) 767-4056. FAX (214) 767-0432. TDD (214) 767-8940.

     If you need or desire further information related to this Notice or its contents, or if you have any questions about this Notice or its contents, please feel free to contact me. As the Contact Person for this practice, I will do my best to answer your questions and to provide you with additional information.

This notice first became effective on July 10, 2017 and was updated September 30, 2021.

Ngoc ‘Michelle’ Turner, LMFT, LCDC

12810 Hillcrest Rd, Suite B120

Dallas, TX 75230

(469) 518-8025

michelle@mytherapistwithin.com