Coaching Privacy Page

PRIVACY POLICY + NOTICE OF PRIVACY PRACTICES (HIPAA)

Shelley Ramsey DeJongh LLC
Effective Date: January 31, 2026 | Last Updated: Date: January 31, 2026
Website: www.shelleyramseydejongh.com
Privacy Contact: info@shelleyramseydejongh.com

This document explains (1) how we handle information collected through our website, and (2) how we use and disclose Protected Health Information (PHI) under HIPAA when you receive therapy services.

1) Scope
Website information includes browsing data, cookies, and information you submit through website forms (including appointment requests).

PHI is individually identifiable health information related to your care, payment for care, or practice operations, and is protected by HIPAA and applicable Wisconsin confidentiality laws.

2) Information We Collect

A. Information you provide
Appointment requests/scheduling: name, email, preferred appointment times, and any message you submit through scheduling/contact tools.

General inquiries: information submitted through website forms or by email.

Blog interactions (if enabled): information you submit through forms (e.g., newsletter sign-up).

Please do not include sensitive health details in general website forms unless specifically directed to do so through a secure method.

B. Information collected automatically
Device/usage data: IP address, browser/device type, pages viewed, approximate location, and date/time of visits.

Cookies and similar technologies: described below.

3) How We Use Information
We use information to:

Operate, maintain, and secure the website.

Respond to inquiries and process appointment requests.

Send administrative messages (e.g., scheduling confirmations or changes).

Improve website performance and content (analytics, if enabled).

Comply with legal, ethical, and professional obligations.

4) Vendors and Platforms
We use third-party providers to deliver website and scheduling services:
Showit (website platform; may process technical data such as logs and performance data)

Squarespace (domain registrar/DNS management; may process limited technical/account data related to domain services)

SimplePractice (scheduling and practice management platform)

These vendors may process information to provide their services. Where HIPAA requires (for PHI handled on our behalf), we use appropriate safeguards.

5) How We Share Information

We do not sell your personal information. We may share information:
With service providers (platform/hosting, domain services, scheduling/practice management, security, and analytics, if enabled) as needed to operate the site and services.

To comply with legal obligations or lawful requests.

To protect the safety, rights, and security of clients, site visitors, and the practice.

In connection with a business transaction (e.g., merger or acquisition), consistent with applicable law.

6) Cookies & Tracking (Including EU/UK Requirements)
Cookies are small files stored on your device that help websites function.

We may use:
Strictly necessary cookies (security and core site functionality)

Functional cookies (preferences, if enabled)

Analytics cookies (optional; to understand traffic and improve the site, if enabled)

Scheduling/session cookies (to support booking workflows and help prevent misuse)

EU/UK visitors: Non-essential cookies (such as analytics) should be used only after consent. If a cookie banner/preferences tool is enabled, you can accept, reject, or change optional cookie preferences at any time.

You can also manage cookies via browser settings. Blocking necessary cookies may affect site features, including scheduling.

7) HIPAA: How We May Use and Disclose PHI (Without Written Authorization)

We may use and disclose PHI for:
Treatment – to provide, coordinate, or manage your care.

Payment – to bill and receive payment (claims, eligibility, and related activities).
Health Care Operations – to run the practice (quality review, consultation/supervision as permitted, training, audits, legal/accounting services, compliance).

As required by law, when required by federal or Wisconsin law.

To prevent a serious threat, when necessary to prevent or lessen a serious and imminent threat, consistent with law and ethical standards.

Special situations – such as court orders, certain law enforcement requests, and other disclosures permitted or required by law.

Psychotherapy notes: Psychotherapy notes (as defined by HIPAA) receive special protection. Most uses/disclosures require your written authorization, with limited exceptions allowed by law.

8) Uses/Disclosures That Generally Require Written Authorization
We generally require written authorization for: Marketing (except in limited circumstances), the Sale of PHI, and most uses/disclosures of psychotherapy notes.

You may revoke an authorization in writing at any time, except to the extent we have already relied on it.

9) Your Rights Regarding PHI (HIPAA)
You have the right to:
Access your records (request inspection or a copy, with limited exceptions)

Request an amendment (ask us to correct information you believe is incorrect or incomplete)

Request confidential communications (ask us to contact you in a specific way)

Request restrictions on certain uses/disclosures (we may not be able to agree to all requests; we will comply when required by law)

Receive an accounting of certain disclosures

Get a paper copy of this notice upon request

To exercise these rights, email: info@shelleyramseydejongh.com

10) Data Retention
We retain website-related information only as long as reasonably necessary for the purposes described above, unless a longer period is required by law or for security/dispute resolution. Clinical records are retained in accordance with applicable legal/professional requirements.

11) Security
We use reasonable safeguards designed to protect information, including secure connections where available, access controls, and vendor oversight. No online system is completely secure, but we work to reduce risk.

12) International Visitors (EEA/UK)
If you are in the EEA/UK:
Legal bases may include consent (optional cookies), legitimate interests (site security/improvement), and steps toward a contract (responding to scheduling requests).

International transfers: Your data may be processed in the United States by U.S.-based vendors. Where required, transfers rely on recognized safeguards (such as contractual safeguards and/or vendor-specific frameworks).

You may have rights, including access, correction, deletion, restriction, objection, and data portability, as well as the right to lodge a complaint with your supervisory authority.

13) Complaints
If you believe your privacy rights have been violated:
Contact us at info@shelleyramseydejongh.com

You may also file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights (OCR). We will not retaliate against you for filing a complaint.

14) Emergencies
This website is not monitored 24/7. Do not use it for emergencies. If you are in immediate danger, call 911. If you are in crisis, call or text 988 (U.S. Suicide & Crisis Lifeline).

15) Changes to This Notice
We may update this notice from time to time. The updated version will be posted on the website and will reflect a new “Last Updated” date.