Privacy Policy
Effective Date: 07/10/2024
This privacy policy ("Policy") governs the collection, use, and disclosure of personal information when you use The Outdoor Builders web app ("App") provided by The Outdoor Builders ("Company"). By accessing or using the App, you agree to be bound by this Policy. If you do not agree with any part of this Policy, please refrain from using the App.
1. User Data Collection
The Company collects user data to improve the App and provide personalized services. The data collection methods include:
- Registration: When you register for an account, we collect personal information such as your name, email address, phone number, and zip code.
- Usage Analytics: We gather data through site maps and usage analytics tools to analyze user behavior, preferences, and usage patterns. This analysis helps us enhance the App"s functionality and user experience.
- Cookies and Tracking Technologies: We use cookies to remember your preferences, track usage patterns, and deliver customized content. By using cookies and similar technologies, we can improve your App experience.
- Third-Party Services: We may utilize third-party applications and services to collect data in accordance with their respective privacy policies. These services may include analytics tools, advertising networks, or other providers.
2. Use of Collected User Data
The Company uses the collected user data for the following purposes:
- App Improvement: User data is analyzed to understand user interactions, preferences, and usage patterns. This analysis helps us identify areas for improvement, optimize App performance, and enhance the user experience.
- Personalization: User data enables us to tailor App content, recommendations, and advertisements to individual users. By understanding user interests and demographics, we create personalized experiences to meet specific user needs.
- Marketing and Advertising: User data is utilized for targeted marketing campaigns and advertising efforts. By analyzing user demographics, preferences, and behaviors, we can deliver relevant advertisements and promotions, enhancing the effectiveness of our marketing strategies.
- Research and Analytics: Aggregated and anonymized user data may be used for research purposes to gain insights into broader trends and patterns. This research helps us understand user preferences, improve our products or services, and stay ahead of market trends.
- Security and Fraud Prevention: User data is employed to ensure App security and protect users. By monitoring user behavior and detecting potential anomalies, we can prevent fraudulent activities or security breaches. We implement robust security measures to maintain a safe App environment.
3. Third-Party Sharing
The Company does not share user data with any third parties.
4. Data Protection
The Company takes appropriate measures to protect user data from unauthorized access, disclosure, or loss. We implement industry-standard security practices to safeguard your personal information. However, please be aware that no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
5. Cookies and Tracking Technologies
The App uses cookies and similar tracking technologies to remember your preferences, track usage patterns, and deliver customized content. By using the App, you consent to the use of cookies and tracking technologies.
6. User Rights under CCPA
Under the California Consumer Privacy Act (CCPA), users have the following rights regarding their personal information:
- Right to Know: You can request information about the personal information collected, sources, purposes, and categories of third parties with whom the information is shared.
- Right to Delete: You can request the deletion of personal information, subject to certain exceptions.
- Right to Opt-Out: We do not sell personal information, so an opt-out mechanism is not applicable.
- Right to Correct: You may ask us to correct inaccurate personal information.
- Right to Limit Use and Disclosure of Sensitive Information: You can direct us to limit the use and disclosure of sensitive personal information.
7. Data Breach Notification
In the event of a data breach, we follow a comprehensive process to secure affected systems and notify affected users. We promptly inform affected individuals about the breach, the types of compromised data, potential risks, and recommended actions to protect themselves.
8. Children's Online Privacy Protection Act (COPPA)
We do not knowingly collect information from children under the age of 13. The App is not intended for use by children.
9. Data Privacy & Regulatory Compliance
The Outdoor Builders is committed to protecting the personal data of all individuals in compliance with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). This section outlines our approach to privacy governance, individual rights, and regulatory obligations.
9.1 Data Subject Rights
Data subjects (e.g., homeowners, contractors, employees, partners) have the following rights under GDPR and CCPA, which The Outdoor Builders upholds through clearly defined procedures:
| Right | GDPR | CCPA | Description |
|---|---|---|---|
| Right to Access | ✔️ | ✔️ | Individuals can request a copy of their personal data. |
| Right to Rectification | ✔️ | – | Individuals can request corrections to inaccurate data. |
| Right to Erasure ("Right to be Forgotten") | ✔️ | – | Individuals can request deletion of their personal data. |
| Right to Restrict Processing | ✔️ | – | Individuals can limit how their data is processed. |
| Right to Data Portability | ✔️ | – | Data can be exported in a machine-readable format. |
| Right to Object | ✔️ | – | Individuals can object to processing based on legitimate interest or profiling. |
| Right to Opt-Out of Sale | – | ✔️ | Individuals can opt out of the sale of their personal information. |
| Right to Non-Discrimination | – | ✔️ | Individuals are protected from discriminatory treatment for exercising rights. |
Requests Process: All rights requests must be submitted via privacy@outdoorbuilders.com. Requests are acknowledged within 10 days and fulfilled within 30 days (45 days for CCPA, if necessary, with notification).
9.2 Legal Basis for Processing (GDPR)
Personal data is processed lawfully based on one or more of the following legal grounds:
- Consent from the data subject.
- Performance of a contract.
- Compliance with a legal obligation.
- Legitimate interests pursued by The Outdoor Builders or a third party.
- Vital interests or public task (rare use cases).
9.3 Notice at Collection (CCPA)
At or before the point of data collection, individuals are provided with a Notice of Collection that includes:
- Categories of personal information collected.
- Intended use of each category.
- Whether the information may be shared with third parties.
9.4 Consent & Preferences
- Consent Management: Where applicable, we obtain clear, affirmative consent for data processing.
- Cookie Controls: Cookie banners allow users to accept, reject, or customize tracking preferences.
- Opt-Out Mechanisms: For CCPA, users can opt out of data sale via a "Do Not Sell or Share My Personal Information" link on our website.
9.5 Data Retention & Deletion
- Data is retained only as long as necessary for the purposes described in this policy.
- Retention schedules are reviewed annually and based on regulatory, operational, and legal needs.
- Secure deletion procedures follow NIST 800-88 guidelines (e.g., cryptographic erasure or physical destruction).
9.6 Vendor & Processor Management
All third-party vendors who process personal data sign Data Processing Agreements (DPAs) or Service Provider Contracts that include:
- Confidentiality obligations.
- Data access limitations.
- Subprocessor approval and monitoring.
- Security and breach notification requirements.
A vendor risk assessment is conducted annually by the Information Security Committee.
9.7 Data Mapping & Inventory
A Record of Processing Activities (ROPA) is maintained and includes:
- Types of personal data collected.
- Processing purposes.
- Data recipients and transfers.
- Retention periods.
- Technical and organizational security measures.
9.8 International Data Transfers
For transfers outside the EEA/UK, appropriate safeguards are used:
- Standard Contractual Clauses (SCCs).
- Vendor adherence to frameworks like EU-U.S. Data Privacy Framework (if applicable).
9.9 Data Protection Governance
- The CISO is responsible for overseeing privacy compliance and liaising with regulatory authorities.
- A Privacy Officer may be designated if required based on processing volume and jurisdictional needs.
- This section is reviewed annually or following any material changes to data processing practices.