cse-it online privacy notice

Last updated: April 8, 2021

A PDF version of this Privacy Notice is available by clicking this link.

This Privacy Notice describes how WestCoast Children’s Clinic (“we,” “us,” “our,” or “WCC”) handles the personal information that it collects in connection with the services that it provides (“Services”) via its proprietary Commercial Sexual Exploitation Identification Tool (“CSE-IT”). The CSE-IT and the Services are provided to professionals (“Customers”) for evaluation and diagnostic purposes as part of their professional services.

This Privacy Notice details how we collect, use, disclose and secure personal information collected via the CSE-IT. If, after reviewing this Privacy Notice, you have any questions or privacy concerns, please send us an email to screening@westcoastcc.org. 

Customers who use the CSE-IT will be prompted to input information on behalf of and about youths for whom the evaluation is provided (“Clients”). WCC does not have a direct relationship with Clients, and acts as a service provider for Customers using the CSE-IT and the Services. As such, Customers are responsible for providing notice and disclosures to their Clients about their information practices and obtaining Client consent as required by applicable law. Customers are also responsible for notifying Clients of their use of the CSE-IT and our Services.

Changes to This Privacy Notice

We may update this Privacy Notice from time to time. If we make material changes to this Privacy Notice, we will post our updated Privacy Notice on the CSE-IT, and for a reasonable period of time we will post notice of the change so it is visible to visitors and users after the change is posted. By your continued use of the CSE-IT, you will be deemed to consent to the terms of the revised Privacy Notice.

Children’s Information

The CSE-IT tool is directed to child-serving professionals in any field (including social services, medical, and mental health). It is not directed to persons under 13 years of age. We do not knowingly market to or collect any personal information from children under the age of 13, except as may be provided by Customers.

If you are a parent or guardian, and would like the personal information of your minor child removed from our database, please contact the Customer responsible for inputting this information to request that such information be removed from our records.

What Personal Information Do We Collect?

In order to provide the CSE-IT, we collect various types of information:

  • We collect personal information directly from our Customers when they register to use the CSE-IT;
  • Once registered to use the CSE-IT and the Services, Customers input information about their Clients through the CSE-IT, which we process as a service provider; and
  • We collect information automatically, including information about how Customers interact with or use the CSE-IT.

Personal Information Collected from our Customers

In order for Customers to use the CSE-IT and our Services, we collect their:

  • First and last name
  • Email address
  • Employer name (if applicable) and location (city and state)
  • Password.

Information Input by our Customers

When using the CSE-IT, Customers will be prompted to input information, primarily about their Clients. As explained above, Customers are responsible for providing notice and disclosures to their Clients about their information practices, including their use of the CSE-IT and our Services, and obtaining Client consent as required by applicable law.

Client personal information provided by Customers includes:

  • Client identifier (a Customer-assigned numerical code that does not identify a Client by name)
  • Age (date of birth)
  • Gender identity
  • Gender expression
  • Race/ethnicity
  • Sexual orientation
  • Disability status (physical and intellectual)
  • Parents’ immigration status (optional)
  • Behavioral information

Note: Customers will input Clients’ names when using the CSE-IT, however WCC does not access or use this information.

The CSE-IT also includes an open text box for additional information, which may include personal information depending on what information is input by the Customer.

Personal Information We Collect Automatically

We automatically collect information about the computer or devices (including mobile devices) used to access the CSE-IT, as well as Customers’ interactions with the CSE-IT. As such, we collect and store the Customer’s browser type, IP address, as well as Customer ID, the manner in which the Customer uses the CSE-IT (e.g., the type of action performed, such as creating, reading, updating or retrieving information entered by the Customer), the date and time of visits, error logs, and other hardware and software information. 

Note that Customers’ IP Addresses, as well as the types of actions performed (e.g., create, view, or edit history) within the CSE-IT, are captured and logged when accessing sensitive Client information for HIPAA logging compliance purposes.

We also collect broad geographic location (e.g., country or city-level location) based upon IP address. We may also ask you for permission to share your location information directly with us.

How & Why We Use Personal Information

Subject to applicable laws and any business associate agreements we have with our Customers, we will use the personal information that we collect in order to:

  • Enable Customers to use the CSE-IT
  • Provide our Services
  • Communicate with Customers
  • Respond to and fulfill requests or other inquiries
  • Contact Customers in connection with our Services and/or the CSE-IT
  • For security and/or compliance with applicable laws (e.g., HIPAA)
  • De-identify such information and perform research and analytics on the de-identified information as indicated in the Aggregated and De-identified  Information section below
  • Enforce our contractual rights, and protect our rights and property and the rights and property of others
  • Enable feedback
  • Comply with the law

Do Not Track Signals

We do not track Customers in any way that would require a response to “Do Not Track” signals.

Disclosure of Personal Information 

We do not sell, rent or lease any of the personal information collected in connection with the CSE-IT or the Services. We may, however, disclose the personal information as explained below.

Service Providers

We only disclose information to companies that perform services on our behalf, such as our data storage services and software development and hosting management.

Note that in some cases, these service providers collect information automatically, as explained above.

Legal Obligations

Subject to applicable law, we may disclose personal information where we believe in good faith that such disclosure is necessary or otherwise appropriate to: (a) comply with the law or in response to a valid subpoena, court order, government request, or other valid legal process; (b) produce relevant documents or information in connection with litigation, arbitration, mediation, adjudication, government or internal investigations, or other legal or administrative proceedings; (c) protect the interests, rights, safety, or property of WCC or others; or (d) enforce contractual obligations. 

“Business” Transfer

Selling a nonprofit business is fundamentally different from selling a conventional business. However, there may be instances where other organizations may purchase a nonprofit in order to expand their operations, or use a nonprofit’s assets. Some nonprofits also transition into a for-profit business. In some instances, a nonprofit organization may file for bankruptcy protection. Should WCC undertake any of the above transactions, we may transfer personal information to another entity in connection with such transaction.

Consent and Authorization

We may share personal information with any person or entity when we have Customers’ consent and authorization and if applicable, Customer has obtained the consent and authorization of the Client. 

Aggregated and De-identified Information

We may use and share non-personal information, including any de-identified and aggregated data with third parties. We may use such de-identified information to improve the CSE-IT, our Services or Customer experience.

Security 

We have implemented commercially reasonable physical, administrative, technical, and electronic security measures designed to protect against the loss, misuse, and alteration of your personal information. Despite our efforts, however, no security measures are perfect or impenetrable, and we do not promise that your information will remain secure. 

We appreciate your help in safeguarding the integrity of your own and others’ privacy, and encourage you to let us know immediately if you suspect that any personal information you shared with us is being used contrary to this Privacy Notice.

Customers are responsible for creating strong passwords, as well as safeguarding their passwords at all times.

International Transfers 

We are located in the United States, and the personal information that we collect is stored on servers located in the United States. This means that your personal information will be collected, processed and stored in the United States, which may have data protection laws that are different from (and sometimes less protective than) the laws of your country or region. 

By sending us personal information, you agree and consent to the processing of your personal information in the United States, which may not offer an equivalent level of protection to that required in other countries or regions (particularly the European Economic Area), and to the processing of that information by us on servers located in the United States, as described in this Privacy Notice.

Access and Rectification

Should you wish to review, update or correct personal information that we hold, please contact us by sending an email to screening@westcoastcc.org. Customers are responsible for updating and reviewing their Clients’ personal information as may be requested. 

Note that for security purposes, we will take reasonable steps to verify your identity before granting you access or enabling you to make corrections.

Contacting Us

Should you have any questions about this Privacy Notice, please contact us by sending an email to screening@westcoastcc.org.  Please provide your name, mailing address, telephone number and email address so we can service you more quickly. You can also write to us at:

WestCoast Children’s Clinic

Attn: CSE-IT Project Director

3301 E. 12th Street, Suite 259

Oakland, CA 94601