Who we are
Our website addresses are: https://kilobycenter.com and http://naturalresthouse.com
What personal data we collect and why we collect it
When visitors leave comments on our sites, we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Contact forms Cookies
If you leave a comment on our site you may opt-in to saving your name, email address, and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after one day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Who we share your data with and how long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Visitor comments may be checked through an automated spam detection service.
How we protect your data
We use appropriate technical and organizational measures to protect the personal information that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information.
What data breach procedures do we have in place?
Data breach policy
All services provided by The Kiloby Center are confidential. The Kiloby Center recognizes the very personal and private nature of the information that may be shared by those dealing with trauma and addiction. The Kiloby Center is committed to honoring the choices of clients and to provide services in a manner that facilitates client empowerment. The Kiloby Center will take all necessary steps under this policy and California and federal law to preserve the privacy rights of those who receive its services unless expressly authorized by the client to do otherwise.
Records kept for the purpose of providing advocacy to clients will contain minimal information specifically designed to provide continuity of services and supportive assistance. Information is only documented to the extent necessary to provide services.
Data Breach: Unauthorized access to, unauthorized acquisition of, or accidental release of personal information that compromises the security, confidentiality, or integrity of the personally identifying information (PII) constitutes a data breach.
- A reasonable attempt shall be made to notify clients whose PII has been compromised or released without authorization.
- The Executive Director or designee will notify the Office of Crime Victims Advocacy (OCVA) within 24 hours of identification of the data breach.
- Concurrent to the actions outlined above, steps shall be taken to restore data, reinforce security, and to return all systems to full operation as soon as possible.
Data breach procedure
Unauthorized access to, unauthorized acquisition of, or accidental release of personal information that compromises the security, confidentiality, or integrity of PII constitutes a data breach.
Identification of a Data Breach
The Executive Director will be notified upon identification of an actual or suspected breach of data. The notification shall occur as soon as possible and not more than 24 hours following the discovery of a data breach. The program will conduct a notification to affected parties:
Notification of a Data Breach
A reasonable attempt shall be made to notify clients whose PII has been compromised or released without authorization. A program staff person, in coordination with the director, will attempt to notify the survivor that their PII has been disclosed.
- The program staff should discuss with the survivor what information or records were breached, explain the program policy and procedure, engage in safety planning as appropriate, and provide any additional information about The Kiloby Center’s plan to address the breach and contain further breach or exposure of the survivor’s information.
The Executive Director or designee will notify the Office of Crime Victims Advocacy (OCVA) within 24 hours of identification of the data breach.
- The actual PII will not be disclosed to OCVA in the notification but shall include the extent of the data breach (for example, one client’s PII accidentally released or a database breach of entire agency-client records).
Concurrent to the actions outlined above, steps shall be taken to restore data, reinforce security, and to return all systems to full operation as soon as possible. The Executive Director or designee will investigate the data breach cause and notify the OCVA once fixed.
- This may involve working with an IT person to install malware-blocking software, replacing equipment, or changing the locks to an office or file cabinet.
- In the event the breach involves paper copies of documents, immediate steps shall be taken to recover and secure all remaining documents.
What third parties we receive data from
We receive data from our software partners when you utilize our webchat or information request documents.
Constant Contact: Privacy Center
Square: Privacy and Security
What automated decision making and/or profiling we do with user data
All data we receive is only used for our own communication and marketing efforts. Your information is never sold to third parties.
Industry regulatory disclosure requirements
California Consumer Privacy Act (CCPA) information
When collecting personal information, the Kiloby Center for Recovery, Inc. and the Natural Rest House, Inc. through the Website or our other services, this personal information is in relation to business-to-business transactions and is not sold to third parties. If you are a California resident and we collect or disclosing your personal information for a business purpose, your rights under the CCPA are limited and do not include the right to access, the right to delete or other rights under the CCPA.