AVATAR COGNITIVE AND BEHAVIORAL CENTER, LLC 

WEBSITE PRIVACY POLICY 

Last Modified: August 11, 2025 

DR. LISANDRA MENDOZA 

7901 4TH STREET NORTH SUITE 300 

ST. PETERSBURG, FLORIDA 33702 

THIS PRIVACY POLICY (THIS “PRIVACY POLICY”) DESCRIBES HOW YOUR MEDICAL  INFORMATION MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO  THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. 

1. Applicability. AVATAR COGNITIVE AND BEHAVIORAL CENTER, LLC  (“Company,” “we,” or “us”) respect your privacy and are committed to protecting it through our  compliance with this Privacy Policy. We are also legally required to maintain the privacy of your protected  health information (“PHI”) under the Health Insurance Portability and Accountability Act (“HIPAA”)  and other federal and state laws. We follow state privacy laws when they are stricter or more protective of  your PHI than federal law. This Privacy Policy describes the types of information we may collect from you  or that you may provide when you visit the website AVATARCBC.COM (our “Website”) and our practices  for collecting, using, maintaining, protecting, and disclosing that information.  

A. As part of our commitment and legal compliance, we are providing you with this  Privacy Policy which describes: 

i. Our legal duties and privacy practices regarding your PHI, including our  duty to notify you following a data breach of your unsecured PHI; 

ii. Our permitted uses and disclosures of your PHI; and 

iii. Your rights regarding your PHI. 

B. This Privacy Policy applies to information we collect: 

i. On this Website; 

ii. In e-mail, text, and other electronic messages between you and this Website;

iii. Through mobile and desktop applications you download from this Website,  which provide dedicated non-browser-based interaction between you and this Website; and/or 

iv. When you interact with our advertising and applications on third-party  websites and services if those applications or advertising include links to this Privacy Policy. 

C. This Privacy Policy does not apply to information collected by: 

i. Us offline or through any other means, including on any other website  operated by Company or any third party (including our affiliates and subsidiaries); or  

ii. Any third party (including our affiliates and subsidiaries), including through  any application or content (including advertising) that may link to or be accessible from or through the  Website. 

D. Please read this Privacy Policy carefully to understand our policies and practices  regarding your information and how we will treat it. If you do not agree with our policies and practices,  your choice is not to use our Website. By accessing or using this Website, you agree to this Privacy Policy.  This Privacy Policy may change from time to time subject to the Company’s sole discretion. Your continued  use of this Website after we make changes is deemed to be acceptance of those changes, so please check  the policy periodically for updates.  

2. Children Under the Age of 18. Our Website is not intended for children under eighteen  (18) years of age. No one under age eighteen (18) may provide any personal information to or on the  Website. We do not knowingly collect personal information from children under the age of eighteen (18).  If you are under the age of eighteen (18), do not use or provide any information on this Website or through  any of its features, register on the Website, make any purchases through the Website, use any of the  interactive or public comment features of this Website, or provide any information about yourself to us,  including your name, address, telephone number, e-mail address, or any screen name or user name you may  use; provided however, that your legal guardian may submit this information on our Website on your behalf  for purposes of receiving care from the Company’s mental health care providers. If we learn we have  collected or received personal information from a child under eighteen (18) without verification of parental  consent, we will delete that information. If you believe we might have any information from or about a  child under the age of eighteen (18), please contact our office. Please note that California residents under  sixteen (16) years of age may have additional rights regarding the collection and sale of their personal  information. Please see your state’s privacy rights for more information. 

3. Information We Collect About You and How We Collect It.  

A. We collect several types of information from and about users of our Website,  including information:

i. By which you may be personally identified, such as name, postal address, e mail address, telephone number, or any other identifier by which you may be contacted online or offline  (“personal information”); 

ii. That is about you but individually does not identify you; and/or 

iii. About your internet connection, the equipment you use to access our  Website, and usage details. 

B. We collect this information: 

i. Directly from you when you provide it to us; 

ii. Automatically as you navigate through the site (information collected  automatically may include usage details, IP addresses, and information collected through cookies, web  beacons, and other tracking technologies; and/or 

iii. From third parties, for example, our business partners. 

4. Information You Provide to Us.  

A. The information we collect on or through our Website may include: 

i. Information that you provide by filling in forms on our Website. This  includes information provided at the time of registering to use our Website, subscribing to our service,  posting material, or requesting further services. We may also ask you for information when you report a  problem with our Website.  

ii. Records and copies of your correspondence (including e-mail addresses), if  you contact us. 

iii. Details of transactions you carry out through our Website and of the  fulfillment of your orders. You may be required to provide financial information on our Website. 

B. Please note that you may also submit information to be published or displayed  (hereinafter, “posted”) on public areas of the Website or transmitted to other users of the Website or third  parties (collectively, “User Contributions”). Your User Contributions are posted on and transmitted to  others at your own risk. Although we limit access to certain pages, please be aware that no security measures  are perfect or impenetrable. Additionally, we cannot control the actions of other users of the Website with  whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee that  your User Contributions will not be viewed by unauthorized persons. 

5. Information We Collect Through Automatic Data Collection Technologies. 

A. As you navigate through and interact with our Website, we may use automatic data  collection technologies to collect certain information about your equipment, browsing actions, and patterns,  including: 

i. Details of your visits to our Website, including traffic data, location data,  logs, and other communication data and the resources that you access and use on the Website. 

ii. Information about your computer and internet connection, including your  IP address, operating system, and browser type. 

B. The information we collect automatically may include personal information, but we  may maintain it or associate it with personal information we collect in other ways or receive from third  parties. It helps us to improve our Website and to deliver a better and more personalized service, including  by enabling us to: 

i. Speed up your searches. 

ii. Recognize you when you return to our Website. 

C. The technologies we use for this automatic data collection may include: 

i. Cookies, which are small files placed on the hard drive of your computer.  You may refuse to accept browser cookies by activating the appropriate setting on your browser. However,  if you select this setting, you may be unable to access certain parts of our Website. Unless you have adjusted  your browser setting so that it will refuse cookies, our system will issue cookies when you direct your  browser to our Website.  

ii. Web beacons, which are small electronic files that may be contained in our  Website and our e-mails (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the  Company, for example, to count users who have visited those pages or opened an e-mail and for other  related website statistics (for example, recording the popularity of certain website content and verifying  system and server integrity).  

6. Third-Party Use of Cookies and Other Tracking Technologies. Some content or  applications, including advertisements, on the Website are served by third-parties, including advertisers, ad  networks and servers, content providers, and application providers. These third parties may use cookies  alone or in conjunction with web beacons or other tracking technologies to collect information about you  when you use our website. The information they collect may be associated with your personal information  or they may collect information, including personal information, about your online activities over time and  across different websites and other online services. They may use this information to provide you with  interest-based (behavioral) advertising or other targeted content. We do not control these third parties' tracking technologies or how they may be used. If you have any questions about an advertisement or other  targeted content, you should contact the responsible provider directly.  

7. How We Use Your Information.  

A. We use information that we collect about you or that you provide to us, including  any personal information: 

i. To present our Website and its contents to you. 

ii. To provide you with information, products, or services that you request  from us. 

iii. To fulfill any other purpose for which you provide it. 

iv. To carry out our obligations and enforce our rights arising from any  contracts entered into between you and us, including for billing and collection. 

v. To notify you about changes to our Website or any products or services we  offer or provide though it. 

vi. To allow you to participate in interactive features on our Website. 

vii. In any other way we may describe when you provide the information. 

viii. For any other purpose with your consent. 

ix. No personal information, mobile number, or messaging consent  information will be shared with third parties or affiliates for marketing or promotional purposes. 

8. HIPAA and PHI.  

A. Confidentiality. As a general rule, we will not disclose PHI about you, or the fact  that you are our patient (if applicable), without your prior written consent. Our formal mental health  records describe: (i) the services rendered to you; (ii) the dates you received the services; (iii) a diagnosis if  applicable; (iv) functional status; (v) symptoms, prognosis, and progress; and/or (vi) any assessment tools  administered or obtained. We are legally allowed to use or disclose records or your PHI for rendering the  services, payment, and healthcare operations. However, we do not routinely disclose PHI in such  circumstances, and will require your permission in advance, either through your consent at the onset of the  professional relationship (by signing a consent form), or through your written authorization at the time the  need for disclosure arises. You may revoke your consent at any time, in writing, by contacting us. 

B. Limits on Confidentiality. There are some important exceptions to the above referenced rule of confidentiality, which permit or require us to disclose confidential PHI without your  consent or authorization. If such situation arises, we will limit disclosure to what is necessary. If you wish  to receive mental health services from us, we require that you sign a document indicating that you  understand and accept our policies regarding confidentiality and their limits. We may use or disclose records  or other PHI about you without your consent or authorization in the following circumstances, either by  policy, or because we are legally required: 

i. Court Proceedings, Orders, and Subpoenas. Your PHI is generally  protected by the patient-psychologist privilege if you are involved in a court proceeding and a request is  made concerning your diagnosis and treatment. In other words, we cannot disclose any PHI without your  (or your legal representative’s) written authorization. We will contact you twice by phone so you may take  the steps you deem necessary to prevent the release of your confidential PHI if we receive a subpoena for  your records. We will send you an e-mail or written correspondence if we cannot contact you by phone.  Please note that we are required by law to provide the PHI specifically described in a legitimately issued  court order. For the avoidance of doubt, we are required to comply with a court order despite any attempts  to contact you and keep your records confidential. You should consult with an attorney to determine  whether a court would be likely to order us to disclose PHI if you are involved in (or contemplating)  litigation.  

ii. Court Ordered Services. A court may request records or documentation of  your participation in the services if such services are court ordered. We will attempt to discuss the  information and/or documentation with you before sending it to the court. 

iii. Governmental Agency Request. We may be required to give your PHI to a  governmental agency requesting the PHI for health oversight activities. For example, your PHI may be  disclosed to an agency directly overseeing the receipt of healthcare, claim for public benefits related to  mental health, or qualification for, or receipt of, public benefits or services when your mental health is  integral to the claim for benefits or services, or for specialized government functions.  

iv. Defense of Claims. We may disclose relevant PHI about you and/or the  services you received from us in order to defend ourselves if you file a complaint or lawsuit against us.  

v. Fee disputes. In the event of a credit card dispute, we reserve the right to  provide the necessary documentation to your bank or credit card company. If a financial balance is on your  account, a bill will be sent to your home address or by e-mail, unless otherwise noted.  

vi. Worker’s Compensation. We must, upon appropriate request, submit  treatment reports to your employer, insurance carrier, authorized qualified rehabilitation provider, and/or  any other appropriate parties in the event that you file a worker’s compensation claim and we are rendering  necessary services related to that claim. 

vii. Internal Operations. We may use and disclose your PHI as part of internal  operations to business associates (who may be employees or independent contractors) that perform  functions on our behalf or render services to us if the PHI is necessary for such functions or services. Our  business associates sign agreements to protect the privacy of your PHI and are not allowed to use or disclose  any information other than as specified herein.  

viii. Disclosure to Other Professionals. Occasionally, we may need to consult  with other professionals in their areas of expertise in order to render the best services for you. Information  about you may be shared by us in this context without using your name.  

ix. Child Abuse. We are legally required to report, to the appropriate  authorities, information you reveal about child abuse and/or neglect, including but not limited to domestic  violence in the presence of a child, sexual abuse, physical abuse, etc. We may be required to give additional  information once such report is filed.  

x. Vulnerable Adult Abuse. We are legally required to report information you  reveal about vulnerable adult abuse, neglect, or exploitation. We may be required to give additional  information once such report is filed.  

xi. Self-Harm & Harm to Others. We may be required to disclose information  to take protective action (including but not limited to: (a) communicating certain information to potential  victims, appropriate family members, and/or police; and/or (b) seek hospitalization of the patient) if we  believe that there is a clear and immediate probability of physical harm to the patient, to other individuals,  or to society.  

xii. Law Enforcement and Public Health. We may disclose your PHI to: (a) a public health authority that is authorized by law to collect or receive such information for the purpose of  preventing or controlling disease, injury, or disability; (b) a health oversight agency for oversight activities  authorized by law, including audits; (c) civil, administrative, or criminal investigations, proceedings, or  actions; (d) inspections; (e) licensure or disciplinary actions; (f) law enforcement officials for the purpose of  identifying or locating a suspect, fugitive, material witness, or missing person; (g) law enforcement officials  for the purpose of establishing that a crime has been committed; (h) law enforcement officials for the  purpose of alerting of your death if the there is a suspicion that such death may have resulted from criminal  conduct; (i) a coroner or medical examiner for the purpose of identifying a deceased person, determining a  cause of death, or other duties as authorized by law; and/or (j) law enforcement officials if you are suspected  to be a victim of a crime; provided however, we will attempt to obtain your permission to release such  information first (if reasonable in our sole judgment and discretion). 

C. Couples Therapy & “No Secret” Policy. When working with couples, all laws of  confidentiality exist. Neither partner must attempt to triangulate us or our providers into keeping a “secret”  that is detrimental to the couple’s therapy goal. If one partner requests that we keep a “secret” in  confidence, we may choose to end the therapeutic relationship and give referrals to other psychologists.  Please note that if one party requests a copy of couples or family therapy records in which they have participated, an authorization from each participant (or their representative and/or guardian) in the sessions  will be required before the records can be released. 

D. Interactions Outside of Sessions. Our relationship is strictly professional. To  preserve this relationship, it is imperative that there is no relationship outside of the professional  relationship (e.g., social, business, or friendship).  

E. Additional Considerations. We participate in the Psychology Interjurisdictional  Compact (“PsyPact”). Pursuant to Section 4 of PsyPact’s rules and regulations, a psychologist lawfully  practicing psychology in a state other than the one in which it is licensed (“Receiving State”) is subject to  the Receiving State’s laws aimed at protecting the health and safety of its citizens, which may include, among  others, laws that: 

i. Require a psychologist to report abuse; 

ii. Require a psychologist to secure informed consent from or for a patient  and/or prescribe the manner in which informed consent must be obtained; 

iii. Require a psychologist to make disclosures to an individual that the  individual is at serious risk of bodily injury or other harm by a third person; 

iv. Prohibit any individual from engaging in conduct that causes or may  reasonably cause another to suffer physical or psychological harm; and/or 

v. Establish standards, processes, or criteria for involuntary commitment  and/or involuntary treatment of individuals. 

For the avoidance of doubt, our obligations pertaining to disclosures will vary depending on the laws of the  state in which you are located while receiving the services.  

F. Written request. Patients must sign a release of information form before any PHI  may be sent to a third party. A summary of visits may be given in lieu of actual “psychotherapy/process  notes,” except if the third party is part of our practice. If the services involve more than one person, each  person over the age of eighteen (18) must sign the release of information before PHI is released.  

G. Disclaimer. While the written summary of exceptions to confidentiality should be  helpful in informing you about potential problems, it is important that you discuss any questions or  concerns that you may have with us during the initial meeting. We will discuss these issues with you, but  formal legal advice may be needed because the laws governing confidentiality are complex and we are not  attorneys.  

H. Patient’s Rights and Provider’s Duties.

i. Patient’s Rights.  

a. Right to Equal Treatment. You have the right to ethical treatment without discrimination regarding race, ethnicity, gender identity, sexual orientation, religion, disability status,  age, or any other protected category.  

b. You have the right to confidentiality with respect to your PHI. If you pay for a service or health care item out-of-pocket, in full, you may request us not to share that  information with your health insurance company. We will agree to such request unless a law requires it to  share that information. 

c. Right to Request Restrictions. You have the right to request restrictions on certain uses and disclosures of your PHI. However, we are not required to agree to such  request. 

d. Right to Receive Confidential Communications by Alternative  Means and at Alternative Locations. You have the right to request and receive confidential communications  of PHI by alternative means and at alternative locations. 

e. Right to Inspect and Copy. You have the right to inspect or obtain a copy (or both) of your PHI. Records must be requested in writing and a consent for release of information  must be executed. Furthermore, there is a copying fee charge of one dollar ($1.00) per page (plus necessary  postage). Please make your request well in advance and allow two (2) weeks to receive the copies. You  have a right of review, which we will discuss with you upon request, in the event we deny your request for  access to your records. 

f. Right to Amend. You can ask us to make certain changes, also known as amendments, to your PHI if you believe the information in your records is incorrect and/or  missing important information. You must make this request in writing and explain to us the reasons you  want to make these changes. We will explain the reason for a denial of a request to amend within sixty (60)  days of you making a request to amend.  

g. Right to a Copy of this Notice. If you received the paperwork  electronically, you have a copy of it in your e-mail.  

h. Right to an Accounting. You generally have the right to receive an accounting of disclosures of your PHI. Upon request, we will discuss with you the details of the accounting  process. 

i. Right to Choose Someone to Act for You. If someone is your legal guardian, that person can exercise your rights and make choices about your PHI. We will make sure the  person has the authority to act for you before it takes any action. 

j. Right to Choose. You have the right to decide not to receive services from us.  

k. Right to Terminate. You have the right to terminate services with us at any time without any legal or financial obligations other than those already accrued. You must discuss  your decision to terminate the services with us either in session or by e-mail. 

l. Right to Release Information with Written Consent. Any part of your record can be released to any person or agency you designate with your written consent. We will  discuss with you whether or not releasing the information in question to such person or agency may be  harmful to you. 

m. Right to Make Complaints. You may contact us, the State of FL Department of Health, or the Secretary of the U.S. Department of Health and Human services if you are  concerned that we have violated your privacy rights, or you disagree with a decision we have made about  access to your records. You will not be penalized for filing a complaint.  

ii. Provider’s Duties.  

a. We are required by law to maintain the privacy of your PHI and to provide you with this Privacy Policy explaining our legal duties and privacy practices with respect to your  PHI. We reserve the right to change the privacy policies and practices described in this Privacy Policy.  Unless we notify you of such changes, however, we are required to abide by the terms currently in effect.  

I. Data Breach Notification. We will promptly notify you if a data breach occurs that  may have compromised the privacy or security of your PHI. We will notify you within the legally required  timeframe. Most of the time, we will notify you in writing, by first-class mail, or we may e-mail you if you  have provided us with your current e-mail address and you have previously agreed to receive notices  electronically. In some circumstances, our business associates may provide the notification. In limited  circumstances, when we have insufficient or out-of-date contact information, we may provide notice in a  legally acceptable alternative form.  

9. Data Security. We have implemented measures designed to secure your personal  information from accidental loss and from unauthorized access, use, and alteration. However, the safety  and security of your information also depends on you. Where we have given you (or where you have  chosen) a password for access to certain parts of our Website, you are responsible for keeping this password  confidential. We ask you not to share your password with anyone. We urge you to be careful about giving out information in public areas of the Website like message boards. The information you share in public  areas may be viewed by any user of the Website. Unfortunately, the transmission of information via the  internet is not completely secure. Although we do our best to protect your personal information, we cannot  guarantee the security of your personal information transmitted to our Website. Any transmission of  personal information is at your own risk. We are not responsible for circumvention of any privacy settings  or security measures contained on the Website.

10. Changes to Our Privacy Policy. It is our policy to post any changes we make to our Privacy  Policy on this page. If we make material changes to how we treat our users' personal information, we will  notify you through a notice on the Website home page. The date the Privacy Policy was last revised is  identified at the top of the page. You are responsible for ensuring we have an up-to-date active and  deliverable e-mail address for you, and for periodically visiting our Website and this Privacy Policy to check  for any changes.  

11. Contact Information. To ask questions or comment about this Privacy Policy and our  privacy practices, contact us at: drmendoza@avatarcbc.com.