PRIVACY POLICY

Comprehensive Resource Model (CRM)® Privacy Policy

Comprehensive Resource Model (“CRM®”) is dedicated to supporting trauma healing through professional education and training. In the course of our business, we may obtain information that is personal to individuals. We are committed to protecting the privacy of users and being transparent about how we collect, use, and share your information.

As used in this Privacy Policy (“Policy”), “personal information” or “personal data” refers to any information that can identify you, such as name, address, email, phone number, IP address, or other identifiers. We respect the value of your privacy and are committed to maintaining the confidentiality of your information in accordance with this Policy and applicable data protection laws, including the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA), and other relevant privacy legislation.

I. General Policy

A. Information Collection & Use

CRM® may collect several types of information from and about you when you visit our website, register for a program or training, or place an order.

  1. Information You Provide Directly

    • When you sign up for our mailing list: name, email address, city, state, and country/province.

    • When registering for a training: personal information required to verify training completion, eligibility, and prerequisites.

    • For CRM® students: we may provide access to contact information of approved CRM® Providers for Case Consultation and personal sessions. Providers may opt out by emailing carol@comprehensiveresourcemodel.com.

  2. Information Collected Automatically

    • Analytics: We use Google Analytics and Squarespace tools to collect anonymized browsing data (page visits, device/browser details, IP-based location, language settings).

    • Cookies & Tracking: We use cookies and similar technologies for site functionality, analytics, fraud prevention, and to improve user experience. You can control cookie settings through your browser.

  3. Payment Information

    • Payments are processed securely through a third-party providers, PayPal. CRM® does not store full credit card or financial information. Please review PayPal’s Privacy Policy.

  4. Testimonials, Evaluations, Surveys, and Feedback

    • With your consent, CRM® may publish your testimonial with your name. You may withdraw consent at any time by contacting us.

  5. Sensitive Personal Information

    • CRM® does not intend to collect or process sensitive personal data (e.g., health, racial/ethnic origin, political opinions, religious beliefs, sexual orientation).

    • Limited exception: Mental Health/Trauma History shared voluntarily during specific training demonstrations (“demos”). Participation is strictly optional, consent-based, and governed by confidentiality agreements. Such information is disposed of securely after each training.

B. Lawful Basis for Processing (GDPR / UK GDPR)

We process personal data on the following legal bases:

  • Consent: For mailing lists, testimonials, demos, and certain cookies.

  • Contract: To provide training, services, and access to course materials.

  • Legal Obligation: To comply with applicable tax, accounting, and regulatory requirements.

  • Legitimate Interests: For internal business operations, website analytics, fraud prevention, and service improvement (balancing your rights with our operational needs).

C. Purposes of Data Collection

Personal data may be used to:

  • Deliver, maintain, and improve CRM® trainings, services, and website functionality.

  • Communicate updates, confirmations, and training-related information.

  • Process transactions securely.

  • Detect and prevent fraud or misuse.

  • Maintain records for compliance, accounting, and audit purposes.

  • Comply with legal and regulatory obligations.

D. Data Sharing

CRM® does not sell your personal information. We may share information only with:

  • Service Providers & Contractors: Training coordinators, faculty, administrative assistants, IT providers, and payment processors under contractual confidentiality obligations.

  • Training Participants: Limited sharing of rosters for communication and learning purposes.

  • Legal Authorities: If required by law, subpoena, or government request.

E. Data Retention

CRM® retains personal data only for as long as necessary to:

  • Fulfill training, contractual, and service obligations;

  • Comply with legal, tax, and regulatory requirements;

  • Resolve disputes and enforce agreements.

    When data is no longer needed, it is securely deleted or anonymized.

F. Data Security

We use reasonable technical, organizational, and administrative measures to protect data against loss, misuse, unauthorized access, disclosure, alteration, or destruction. However, no internet transmission or storage system is fully secure, and we cannot guarantee absolute security.

II. Rights of Individuals

A. Rights of California Residents (CCPA/CPRA)

California residents have the right to:

  • Know what personal information we collect and how we use it.

  • Request access to and a copy of personal information.

  • Request correction or deletion of personal information (subject to exceptions).

  • Opt out of the sale or sharing of personal information (CRM® does not sell your data).

  • Limit the use and disclosure of sensitive personal information.

To exercise rights, email carol@comprehensiveresourcemodel.com.

B. Rights of EU/UK Residents (GDPR / UK GDPR)

You have the right to:

  • Access, correct, or update personal data.

  • Request deletion (“right to be forgotten”).

  • Restrict or object to certain processing.

  • Data portability (receive your data in a structured format).

  • Withdraw consent at any time.

  • Lodge a complaint with a supervisory authority.

C. Children’s Privacy

CRM® services are not directed to children under 16 (or lower age where permitted by local law). We do not knowingly collect personal data from children. If you believe we have collected such data, please contact us immediately.

III. International Data Transfers

CRM® operates in the United States and may transfer personal data internationally. When transferring personal data from the EU/UK or other regions, we use appropriate safeguards (e.g., Standard Contractual Clauses or equivalent mechanisms) to protect your information.

IV. Third-Party Links

Our website may contain links to third-party websites. CRM® is not responsible for the privacy practices or content of external sites.

V. Legally Required Disclosures

We may disclose personal data if required to do so by law, court order, government request, or to protect our legal rights and the safety of our users.

VI. Changes to this Policy

We may update this Policy from time to time. Material changes will be communicated via email (if you are subscribed) or by posting a notice on our website.

Last updated: September 9, 2025

VII. Contact Us

If you have any questions or wish to exercise your privacy rights, please contact:

Carol Muller at carol@comprehensiveresourcemodel.com