Privacy Notice for US Residents

Last updated: March 22, 2023

Autism Learning Partners (“ALP,” “we,” or “us”) understands the importance of your privacy and we take our responsibility to protect your information seriously. This Privacy Notice for US Residents (“Notice”) supplements the information in the Privacy Policy posted on our website https://www.autismlearningpartners.com/. This Notice provides a description of our online and offline practices regarding the collection, use, and retention of personal information. This Notice applies to personal information relating to US residents. Specifically, this Notice applies to our processing activity when we are acting as a “business” under the US Consumer Privacy Act, as amended by the US Privacy Rights Act (“CCPA”)—meaning that we control the purposes and means of processing your personal information. Some of the personal information we collect may be exempt from some or all of the requirements under the CCPA. Please read this Notice carefully before sharing information with us so you understand our practices regarding your information.

Information We Collect and Disclose

As defined by the CCPA, “personal information” includes any information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal information does not include information that is:

• Lawfully made available from government records;
• We have a reasonable basis to believe is lawfully made available to the general public by the consumer or from widely distributed media, or by the consumer;
• Made available by a person to whom the consumer has disclosed the information if the consumer has not restricted the information to a specific audience;
• Lawfully obtained, truthful information that is a matter of public concern;
• Deidentified or aggregate consumer information; or
• Information excluded from the CCPA’s scope, including personal information covered by certain sector-specific privacy laws such as the Fair Credit Reporting Act.

In the past 12 months, ALP has collected the following categories of personal information from consumers and disclosed such information to the following categories of third parties for business purposes.

Categories of PI Collected Examples Categories of Third Parties to Whom Disclosed
Identifiers A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers, National Provider Identifier (NPI) • IT and cloud/hosting service providers, such as our email providers, business application providers, managed services providers and IT consultants
• Online analytics and marketing/advertising service providers
• Financial institutions and payment processors
• Contracted Payors
• External vendors
• Order processing and fulfillment providers
• Customer contact service centers
• Professional advisors (accountants, lawyers, and auditors)
Personal information types listed in the US Customer Records statute (Cal. Civ. Code § 1798.80(e)) A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, or employment information

Some personal information included in this category may overlap with other categories • IT and cloud/hosting service providers, such as our email providers, business application providers, managed services providers and IT consultants
• Online analytics and marketing/advertising service providers
• Professional advisors (accountants, lawyers, and auditors)
• Contracted Payors
• Contracted external vendors
• Federal Programs i.e. Medicaid
Commercial information Records of services purchased, obtained, or considered • IT and cloud/hosting service providers, such as our email providers, business application providers, hosting providers, managed services providers, and IT consultants
• Financial institutions and payment processors
• Professional advisors (accountants, lawyers, and auditors)
Internet or other similar network activity Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement • IT and cloud/hosting service providers
• Online analytics and marketing/advertising service providers
Sensory data Audio recordings, voicemail, or similar information. • IT and cloud/hosting service providers, such as our email providers, business application providers, hosting providers, and telephone communication providers and others who assist with quality assurance
Legally protected classification characteristics Race, color, national origin, citizenship, religion, marital status, sex, sexual orientation, age (40 years or older), gender • Contracted Payors for audits
• IT and cloud/hosting service providers, such as our email providers, business application providers, hosting providers, and telephone communication providers and others who assist with quality assurance

Non-public education information Education records directly related to a student that are maintained by an educational institution pursuant to the Family Educational Rights and Privacy Act • Contracted Payors
• Contracted external vendors
• Federal Programs i.e. Medicaid

Please note that we may also use, disclose, or transfer your information in connection with the sale, merger, dissolution, restructuring, divestiture, or acquisition of our company or its assets. We may also disclose your personal information in response to a court order, subpoena, search warrant, law, or regulation.
How We Collect Your Information

ALP collects the categories of personal information listed above from the following sources:

• Direct collection: We collect information directly from you when you choose to provide it to us by filling out forms on our website, communicating with us, or otherwise directly providing the information to us.
• Indirect and technology-based collection: We also collect certain information from you indirectly when you visit, use, or navigate our website or mobile application. ALP collects certain identifiers (such as IP addresses) and internet and similar network activity (such as website usage data) from you indirectly using cookie, pixels, and passive tracking technologies, as described in our Privacy Policy.
• Collection via social media: We may collect personal data about social media users, including basic user profile information (such as username), user-generated content (such as posts, comments, pages, profiles, or feeds) and associated metadata (such as time and location of a post or comment); contact details (such as name, email address, telephone number if made public by the user); and additional individual information published by the user (such as employer, profession, age, location, education information, habits, etc.). The type and scope of personal data obtained from social media platforms depends on the type of APIs and permissions set out by the respective platforms and the administrative permissions granted by individuals, where applicable.
• Third-party collection: From time-to-time, we may obtain marketing or lead lists from third party vendors. We use these, for example, to send you marketing communications.
Sensitive Personal Information

ALP does not collect “sensitive personal information” (as defined by the CCPA) for the purposes of inferring characteristics about US consumers. Accordingly, ALP treats any such information as “personal information” consistent with applicable provisions of the CCPA.

Retention of Personal Information

For each category of personal information identified above, ALP will retain such information only for as long as is necessary for the purposes set out in this Notice. The criteria used to determine our retention periods for each category of personal information include (i) the length of our ongoing relationship with a particular consumer, (ii) the period of time necessary to comply with our legal obligations (for example, if we are required to retain your personal information to comply with applicable laws), and (iii) any time necessary to resolve disputes and enforce our legal agreements and policies that may be relevant to a particular consumer’s personal information. At the end of the retention period, ALP will securely delete the personal information. If there is any data that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further use of such data.

Federal Health Care Programs
ALP shall maintain all documents and records relating to reimbursement from Federal health care programs for seven years from the Date of last Service (or longer if otherwise required by law).
Medical Records
ALP shall maintain appropriate and thorough medical records for each client. Client information is strictly confidential and is to be communicated only to those staff and health care providers or organizations who are permitted by law to review such records, and who have a legitimate need to know.
ALP shall secure all medical records against loss, destruction, unauthorized access, unauthorized reproduction, corruption and/or damage.
ALP shall maintain and destroy all medical records as required under federal and state laws and regulations, and in a manner that protects the patient’s privacy.
Adult medical records will be retained for a minimum of ten years from the date of the most recent entry.
The medical records of minors will be retained for a minimum of ten years from the date of the most recent entry, or until three years after the minor client reaches the age of majority (i.e., until client turns 21) whichever date is later.

Billing Records
At a minimum, billing related documentation will be retained for seven years after the close of the calendar year in which the benefit was paid or denied.

Employee Records
ALP shall maintain and destroy all personnel records as required under federal and state laws and regulations, and in a manner that protects the employee’s privacy. At a minimum, employee related documentation will be retained for a minimum of four years from the date of termination of an employee or non-hire of an application. Records may be retained longer if a Department of Fair Employment and Housing (DFEH) complaint has been filed.

Use of Personal Information
We collect and use your personal information for the following business or commercial purposes (as well as any other purposes as set forth in our Privacy Policy).
• Providing and optimizing your experience on our website and ensuring that our content is presented to you in the most effective manner.
• Communicating with you and updating you about changes to our website or services and investigating any concerns you may have.
• Developing, updating, and improving our customer service and marketing efforts, and otherwise improving our knowledge and insights regarding clients and staff.
• Preventing and detecting fraud, financial crime, hacking activities, security breaches, and other unlawful activities in connection with ALP and its affiliates.
• Enforcing our agreements and complying with our legal or regulatory obligations.
• Performing other functions as otherwise described to you at the time of collection or to which you otherwise consent.
Sale or Share of Personal Information

In the past 12 months, ALP has not “sold” any categories of personal information or “shared” any such information for the purposes of cross-context behavioral advertising. Likewise, ALP does not have actual knowledge of any sales or sharing of personal information regarding minors under 16 years of age.

Your Rights Under the CCPA

The CCPA provides US residents with the rights discussed below. For convenience, and as required by the CCPA, we explain how you can exercise those rights, to the extent they are applicable.

1. Right to Request Information. You have the right to request that we disclose certain information about our collection and use of your personal information during the past twelve (12) months. Specifically, you may request that we disclose:
• The categories of personal information we collected about you;
• The categories of sources for the personal information we collected about you;
• The business and commercial purposes for collecting your personal information;
• The categories of third parties to whom we disclosed your personal information;
• The specific pieces of personal information we collected about you; and
• If we disclosed your personal information for a business purpose, the categories of personal information received by each category of third party.
2. Right to Data Portability. You have the right to request that we provide copies of the specific pieces of personal information we collected about you. If a verifiable consumer request is made, and subject to any exceptions or limitations under the CCPA, we will take steps to deliver the personal information to you either by mail or electronically. If we provide the information to you electronically, it will be in a portable and readily useable format, to the extent technically feasible. Consistent with the CCPA and our interest in the security of your personal information, we will describe but may not provide copies of certain personal information we may receive from you (e.g., driver’s license number, other government-issued identification number, financial account number, health or medical identification number, account password, or security questions or answers) in response to a CCPA request, to the extent any of those items are in our possession.
3. Right to Request Deletion. You have the right to request that we delete personal information we collected from you, subject to any exceptions or limitations under the CCPA.
4. Right to Correct Inaccurate Information. If we maintain inaccurate personal information about you, you have the right to request that we correct that inaccurate personal information, taking into account the nature of the personal information and the purposes of the processing of the personal information.
5. Right to Opt-Out. Consumers in US have the right to opt-out of (a) the sale of personal information, or (b) the sharing of their personal information for the purposes of cross-context behavioral advertising (as defined in the CCPA). Because ALP does not process “sell” or “share” personal information, these rights are not available.
Exercising Your Rights to Request Information, Data Portability, Request Deletion, and Correct Inaccurate Information

To exercise the rights described above, you—or someone authorized to act on your behalf—must submit a verifiable consumer request to us by sending an e-mail to: PrivacyOfficer@autismlearningpartners.com with the subject line: “CCPA Request” or calling us at 800-837-6855. Your request must include your name, e-mail address, mailing address, phone number, the nature of your inquiry and the context in which we may have received your information. If you are an agent submitting a request on behalf of a consumer, we may request that you submit a signed permission from the consumer authorizing you to make the request. In order to protect the privacy and data security of consumers, the verifiable consumer request must:

• Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative of such consumer; and
• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

As indicated above, please be aware that the CCPA provides certain limitations and exceptions to the foregoing rights, which may result in us denying or limiting our response to your request.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request. We may also request that you provide additional information if needed to verify your identity or authority to make the request. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you or the consumer on whose behalf you are making the request.

 

Response Timing and Format

The CCPA requires us to respond to a verifiable consumer request within forty-five (45) days of its receipt; however, we may extend that period by an additional 45 days. If we require more time, we will inform you of the reason and extension period in writing. We will deliver our written response via e-mail. Any disclosures we provide will only cover the 12-month period preceding the receipt of the verifiable consumer request, provided that you may request disclosure beyond the 12-month period as permitted by the CCPA. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select the format of our response; the format will be readily useable and should allow you to transmit the information from one entity to another. We will not charge a fee to process or respond to a verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing the request.

Our Commitment Not to Discriminate

Consistent with the CCPA, we will not discriminate against you for exercising any of your CCPA rights by:
• Denying you services.
• Charging you different prices or rates for services, including through granting discounts or other benefits, or imposing penalties.
• Providing you a different level or quality of services.
• Suggesting that you may receive a different price or rate for services or a different level or quality of services.
Changes to this Notice

We reserve the right to amend this Notice at our discretion and at any time. If there are changes to this Notice, we will post them here and update the “Last Updated” date at the top of this document. Continued use of this website after any changes is deemed to be acceptance of those changes. Please check this page periodically for updates.

 

Data Sharing or Direct Marketing Purposes
US Civil Code § 1798.83 (US’s Shine the Light Act) further permits US residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. If you are a US resident, you may ask us to refrain from sharing your personal information with certain of our affiliates and other third parties for their marketing purposes. Please tell us your preference by contacting us at the contact information below.

 

Contact Information

If you have any questions or comments about this Notice, please contact us using the following information.

Autism Learning Partners
Address: 1333 S. Mayflower Avenue, Suite 220, Monrovia, CA 91016
Phone: 800-837-6855
Email: PrivacyOfficer@autismlearningpartners.com