Privacy policies are important, but they can get very long when all the legal words are involved. Some might think they’re a little scary, but the real scary thing is businesses that don’t have them… You have no idea what they’re doing with your data, or if it’s being stored insecurely ready to be stolen if/when they’re hacked, or even who they’re outright selling your data to!
This privacy statement covers everyone who uses our services, from someone employing us for a job to a casual browser of our website.
What personal information do we collect from the people that visit our website?
When signing up for our newsletter, you are only asked to provide a first name and email address. When employing our services, you may be asked to provide your full name, email address, mailing address, phone number or other details to properly contact you and to help complete your job.
When do we collect information?
We collect information from you when you subscribe to a newsletter, or when you employ our services. Additionally, we make our data collection as obvious as we can, so you know what we do and don’t keep.
How do we use your information?
We may use the information we collect from you when you sign up for our newsletter, respond to a survey or marketing communication, visit our website, or employ our services in the following ways:
- To improve our website in order to better serve you.
- To allow us to better service you in responding to your customer service requests.
- To send periodic emails regarding your project or other products and services.
How do we protect visitor information?
Because we’re not a financial institution, don’t accept payment by card, and don’t store or handle your financial details, we don’t fall under the Payment Card Industry requirements for vulnerability scanning. Despite this, we still regularly scan our website and all of our computers for malware and viruses. We also use an SSL certificate on our website to encrypt your browsing session while you visit, even though our website only provides articles and information, not personalised data requiring a unique login for visitors. And despite not being required to at all, we even do a quick check to see if your web browser is out of date and, if so, we show a warning suggesting that you update it. In other words, we try to treat even minor things like browsing our website as securely as if we were a financial institution.
Do we use ‘cookies’?
Yes. Cookies are small files that a website or its service provider transfers to your computer’s hard drive through your web browser (if you allow them) and that enable the website’s or service provider’s systems to recognise your browser and capture and remember certain information. They are used to help us compile aggregate data about website traffic and website interaction so that we can offer better website experiences and tools in the future. We may also use trusted third-party services that track this information on our behalf.
You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies for either just our website or for all websites. This can be done through your web browser’s settings. Each browser is a little different, so look at your browser’s Help menu to learn the correct way to modify your cookie preferences.
If you prefer, you can disable cookies in your web browser and it won’t affect your experience using our website. However, if you have technical issues browsing our website, our website maintainers may not be automatically notified of these errors if you have cookies disabled.
Third Party Disclosure
We don’t sell, trade, or otherwise transfer to outside parties your personally identifiable information unless we provide you with advance notice and seek your agreement. This doesn’t include website hosting partners and other parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential to the same standards we hold for ourselves. For example, we use Google Analytics on our website and MailChimp to manage our email newsletters. We also try to share only the bare minimum information with these partners. The only time we would release your information is when required by law, when required to enforce other website policies, or to protect our or others’ rights, property, or safety.
Third party links
We do not include or offer third-party products or services on our website. We do link to third-party websites; however, as you’d expect, we have no control over the content on these websites.
We have implemented the following:
- Demographics and Interests Reporting
We, along with third-party vendors such as Google Analytics, use first-party cookies or other third-party identifiers together to compile data regarding user interactions and other functions as they relate to our website. You can opt out by visiting the Network Advertising Initiative opt-out page, or permanently by using the Google Analytics Opt-out Browser Add-on.
California Online Privacy Protection Act
We meet CalOPPA’s requirements by doing the following:
- Users can visit our website anonymously if they prefer.
- That link includes the word ‘Privacy’, and can be easily found on our homepage.
How does our website handle Do Not Track signals?
We fully honour Do Not Track signals and do not track, plant cookies, or use advertising when a standards-compliant Do Not Track (DNT) browser mechanism is in place.
Does our website allow third party behavioural tracking?
It’s also important to note that unlike some of our direct competitors in our industry, we don’t allow third party behavioural tracking, such as linking your computer, browsing session or your identity to your Facebook/Twitter/Google account/other Social Media profile. Because we think that’s just creepy.
COPPA (Children’s Online Privacy Protection Act)
We do not specifically market to children under 13, and meet all necessary requirements for the US Federal Trade Commission’s Children’s Online Privacy Protection Act (COPPA).
Fair Information Practices
The Fair Information Practices Principles are the US Federal Trade Commission’s guidelines for complying with privacy-related laws. To be in line with Fair Information Practices, in the event of a data breach we will notify all users on our website within 7 business days, and all specifically affected users personally by email. We also agree to the individual redress principle, which requires that individuals have a right to pursue legally enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or a government agency to investigate and/or prosecute non-compliance by data processors.
The CAN-SPAM Act is the US law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
We only collect your email address in order to:
- Send information, respond to inquiries, and/or other requests or questions.
- Market to our mailing list or continue to send emails to our clients after the original transaction has occurred.
To be in accordance with CAN-SPAM we agree to the following:
- NOT use false or misleading subjects or email addresses.
- Identify the messages as an advertisement in some reasonable way.
- Include the physical address of our business or website headquarters.
- Monitor third-party email marketing services for compliance, if one is used.
- Honour opt-out/unsubscribe requests quickly.
- Allow users to unsubscribe by using the link at the bottom of each email.
All our outgoing emails, including our Newsletters, come from servers with valid SPF and DKIM record tags and authentication signatures, so you can be sure email claiming to be from us is legitimate and all others can be automatically discarded as phishing attempts or spam.
If at any time you would like to unsubscribe from receiving future emails, you can follow the instructions at the bottom of each email or phone/email/visit us, and we will promptly remove you from ALL future correspondence.
European Union’s General Data Protection Regulation
As we are an Australian company dealing with the Energy Efficiency of Australian buildings according to the Australian National Construction Code, most of the requirements of the European Union’s General Data Protection Regulation (GDPR) do not apply to us. However, that doesn’t stop us from wanting to be the best we can. The above statements cover us for most of the GDPR’s requirements, but it’s worth re-stating a few things anyway. We keep internal records of where any potentially personal information is kept, what type of information is kept, how it is kept, who has access to it, how long it is kept, and what is done with it. When we no longer have any need for some personally identifiable data, we delete it. For the ease of our own administrators, and because it’s such a small percentage of our viewers, website usage data from users in the European Union is automatically filtered and discarded. Nonetheless, if you would like to know what little data we have stored on you, if you would like it updated or deleted, or even if you would just like to know more, feel free to contact us and ask for the Data Protection Officer (who is currently also the Systems Administrator).