Privacy Policy

Last updated: January 1, 2026

Introduction

Road to Emmaus Recovery ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website.

Information We Collect

Currently, our website does not collect personal information through forms or automated tracking. However, we may collect:

  • Information you voluntarily provide when contacting us via email or phone
  • Information automatically collected through your use of our website (such as IP address, browser type, and pages visited)
  • Cookies and similar tracking technologies (if implemented in the future)

How We Use Your Information

We use the information we collect to:

  • Respond to your inquiries and provide support
  • Improve our website and services
  • Comply with legal obligations
  • Protect our rights and prevent fraud

Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only:

  • With your consent
  • To comply with legal obligations
  • To protect our rights and safety
  • With service providers who assist us in operating our website (under strict confidentiality agreements)

Your Rights (GDPR & CCPA)

Depending on your location, you may have certain rights regarding your personal information:

GDPR Rights (European Union)

If you are located in the European Union, you have the following rights under the General Data Protection Regulation (GDPR):

  • Right to Access: You can request a copy of the personal information we hold about you, including information about how we use it and who we share it with.
  • Right to Rectification: You can request correction of inaccurate or incomplete information.
  • Right to Erasure ("Right to be Forgotten"): You can request deletion of your personal information in certain circumstances.
  • Right to Restrict Processing: You can request that we limit how we use your personal information.
  • Right to Data Portability: You can request your data in a structured, commonly used, and machine-readable format.
  • Right to Object: You can object to processing of your personal information for certain purposes.
  • Right to Withdraw Consent: If we process your information based on consent, you can withdraw that consent at any time.

CCPA Rights (California)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: You can request information about the categories and specific pieces of personal information we collect, use, and disclose.
  • Right to Delete: You can request deletion of your personal information (subject to certain exceptions).
  • Right to Opt-Out: You can opt-out of the sale of personal information (we do not currently sell personal information).
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
  • Right to Correct: You can request correction of inaccurate personal information.

To exercise these rights, please contact us at road2emmaus1@yahoo.com or call us at (626) 263-0891. We will respond to your request within 30 days (or as required by applicable law).

HIPAA Privacy Rights

If you are a patient or client receiving services from Road to Emmaus Recovery, you have certain rights regarding your protected health information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA):

  • Right to Access: You have the right to access and obtain a copy of your health information.
  • Right to Request Amendment: You can request corrections to your health information if you believe it is incorrect or incomplete.
  • Right to Request Restrictions: You can request restrictions on how we use or disclose your health information.
  • Right to Request Confidential Communications: You can request that we communicate with you in a specific way or at a specific location.
  • Right to an Accounting of Disclosures: You can request a list of certain disclosures we have made of your health information.
  • Right to File a Complaint: You have the right to file a complaint if you believe your privacy rights have been violated.

For more information about your HIPAA rights or to exercise these rights, please contact us directly. We are committed to protecting your health information and will provide you with our Notice of Privacy Practices upon request.

Important: For sensitive health information, please contact us by phone or in person. Standard email communications may not be fully secure and should not be used for protected health information.

Cookies and Tracking Technologies

Currently, our website does not use cookies or tracking technologies. If we implement these technologies in the future, we will update this Privacy Policy and provide you with the option to manage your cookie preferences.

Data Security

We implement appropriate technical and organizational measures to protect your personal information. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

For protected health information (PHI) under HIPAA, we implement additional security measures including:

  • Administrative, physical, and technical safeguards to protect PHI
  • Access controls to ensure only authorized personnel can access PHI
  • Secure communication channels for sensitive health information
  • Regular security assessments and updates
  • Employee training on HIPAA compliance and data security

Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

For protected health information (PHI), we retain records in accordance with HIPAA requirements and applicable state laws, typically for a minimum of 6 years from the date of creation or last effective date, whichever is later.

Data Breach Notification

In the event of a data breach that compromises your personal information, we are committed to taking appropriate action in accordance with applicable laws and regulations.

For General Personal Information: If we become aware of a data breach affecting your personal information, we will notify affected individuals and relevant authorities as required by applicable law, typically within 72 hours of becoming aware of the breach (as required by GDPR for EU residents) or within the timeframe required by state and federal laws (as required by various state data breach notification laws and CCPA for California residents).

For Protected Health Information (PHI): If a breach of unsecured PHI occurs, we will notify affected individuals and the Department of Health and Human Services (HHS) as required by HIPAA. Notifications will be provided without unreasonable delay and in no case later than 60 days after discovery of the breach. Individual notifications will be provided by first-class mail (or email if preferred) and will include:

  • A brief description of what happened
  • The types of information that were involved
  • Steps you should take to protect yourself from potential harm
  • A brief description of what we are doing to investigate the breach, mitigate losses, and protect against further breaches
  • Contact information for questions

Notification Method: We will notify you using the contact information we have on file. If you believe your information may have been compromised, please contact us immediately at road2emmaus1@yahoo.com or (626) 263-0891.

Data Transfers

Your information is processed and stored in the United States. If you are located outside the United States, please be aware that we may transfer your information to the United States, where data protection laws may differ from those in your country.

By using our website or providing us with your information, you consent to the transfer of your information to the United States.

Legal Basis for Processing (GDPR)

If you are located in the European Union, we process your personal information based on the following legal bases:

  • Consent: When you have given clear consent for us to process your personal information for a specific purpose.
  • Legitimate Interests: When processing is necessary for our legitimate interests, such as improving our services, provided these interests do not override your rights and freedoms.
  • Legal Obligations: When processing is necessary to comply with legal obligations.
  • Vital Interests: When processing is necessary to protect someone's life or physical safety.

Children's Privacy

Our website is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

Road to Emmaus Recovery

Email: road2emmaus1@yahoo.com

Phone: (626) 263-0891