Marin Community Clinics Privacy Policy

Effective Date: 8-27-25
Last Updated: 8-27-25

Marin Community Clinics (“MCC,” “we,” or “our”) is committed to protecting your privacy and providing transparency about how we collect, use, and share your personal information. This Privacy Policy explains how data is handled when you interact with our website at www.marinclinic.org (“Site”).

By using the Site, you agree to the terms outlined in this policy. If you do not agree, please do not use the Site.

1. Information We Collect

We may collect the following types of information when you visit our Site:

a. Personal Information You Provide Voluntarily

Name, email, or phone number entered through contact forms
Information you share when requesting appointments, programs, or events

Please do not submit personal medical information or Protected Health Information (PHI) through website forms. For medical matters, use the MyChart portal or call us directly. If PHI is submitted through a website form in error, we will delete it or securely route it to our clinical systems consistent with our HIPAA Notice of Privacy Practices (NOPP).

b. Automatically Collected Information

When you use our Site, we may automatically collect:
IP address
Browser and device type
Pages visited and time spent on the site
Language preference
General geographic location

This information is collected through cookies and third-party analytics tools.

c. Categories of Personal Information (as defined by the California Consumer Privacy Act/California Privacy Rights Act)

Identifiers (name, email, phone number, IP address)
Internet Activity (browsing history on our Site, interaction with pages and forms)
Geolocation Data (general location based on IP)

We do not collect sensitive personal information as defined by the CPRA.

d. De-identified Information

We may use or disclose de-identified information and commit to maintain and not re-identify such data as defined by CPRA.

2. How We Use Your Information

We use the information we collect to:

Respond to your inquiries
Improve website functionality, content, and user experience
Monitor website traffic and diagnose technical issues
Maintain security and accessibility of the Site
Support compliance with federal and state privacy laws

We do not sell personal information. We also do not “share” personal information for cross-context behavioral advertising. If we ever enable features that constitute “sharing,” you may opt out at any time via the “Do Not Sell or Share My Personal Information” link and via a browser-based Global Privacy Control (GPC) signal, which we honor.

We may share your personal information with trusted service providers (e.g., analytics providers, website accessibility tools, translation tools) strictly for business purposes such as website operation, security, and performance analysis. All such providers are bound by contractual obligations to protect your data and use it only for these purposes. We require service providers and contractors to use personal information only to perform services for us, to implement appropriate safeguards, and to comply with applicable privacy laws.

3. Use of Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience on our website. These include:

Google Analytics and Google Tag Manager for understanding user behavior
Localizer to manage multilingual content delivery
AccessiBe to support accessibility accommodations for users with disabilities

Our cookie banner, powered by CookieYes, allows you to opt in or out of non-essential cookies before they are activated. Under California law, you may also use the “Do Not Sell or Share My Personal Information” link in the footer to opt out of cross-site sharing (including analytics tracking if applicable). We honor Global Privacy Control (GPC) signals as an opt-out of sale/sharing. Some third-party embeds (e.g., maps, videos, fonts) may set their own cookies under their policies. At this time we do not respond to “Do Not Track” (DNT) signals.

To learn more, view our full Cookie Policy. You can manage cookie preferences through the “Cookie Settings” link in the website footer.

4. Third-Party Platforms (MyChart and Others)

Our website may link to third-party platforms, including the MyChart patient portal hosted by OCHIN at https://mychart.ochin.org. MyChart is the designated secure channel for PHI and is governed by OCHIN/Epic terms and privacy.

Please note:

We do not control how third-party sites collect or use your data
Their use of cookies, privacy practices, and content are governed by their own policies
We encourage you to review their privacy terms directly before submitting any personal or medical information

5. HIPAA and Health Information

This website Privacy Policy is separate from our HIPAA Notice of Privacy Practices, which governs patient health information collected in the course of care.

This website does not collect protected health information (PHI) directly. However, your use of third-party systems such as MyChart may involve PHI and is subject to OCHIN’s HIPAA compliance policies.

For details on how MCC protects patient health data, please refer to our HIPAA Notice of Privacy Practices, which applies to clinical services offered at our facilities.

6. Your Privacy Rights (California Residents)

Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), you have the right to:

Know what personal data we collect, use, disclose, or share
Request deletion of your personal data, subject to certain exceptions
Request correction of inaccurate personal data
Opt out of the sale or sharing of personal data for cross-site behavioral advertising
Limit the use of sensitive personal information (if collected)

How to Exercise Your Rights:
You may submit a privacy rights request by:

Emailing: compliance@marinclinic.org
Calling our Privacy Officer Privacy Officer: 415-755-2544
Authorized Agents and Households: You may designate an authorized agent to submit requests; we may require proof of authorization and your verification. For household requests, each member may need to verify.
Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

Verification Process: We will verify your request by matching the information you provide with existing records, and may request additional details to confirm your identity before fulfilling your request.

7. Data Security

We implement technical and administrative safeguards to protect your information, including:

HTTPS encryption of our website
Role-based access control for internal staff
Periodic reviews of data collection and retention practices

While we use reasonable efforts to protect your information, no system can guarantee absolute security.

8. Data Retention

We retain personal information only for as long as reasonably necessary to fulfill the purposes for which it was collected.

Retention by Category: contact form submissions (up to 12 months for operations/response); web analytics event data (up to 26 months for measurement); access logs/security events (up to 12 months for security/fraud prevention). We delete or de-identify after these periods unless a longer retention is required by law (e.g., legal holds).

9. Children’s Privacy

We do not knowingly sell or share personal information of consumers under 16 years of age.

This Site is not directed to children under the age of 13, and we do not knowingly collect personal information from them. If we become aware that we have collected such information, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy periodically. When we do, we will revise the “Last Updated” date at the top of this page. Significant changes will be highlighted on the website.

11. Contact Us

If you have any questions about this Privacy Policy or your personal data, please contact:

Marin Community Clinics
compliance@marinclinic.org
Privacy Officer: 415-755-2544

Services

Patient Resources

Locations

Company