Privacy Policy - S&S Building and Design

S & S Building and Design

Effective Date: January 1, 2025 | Last Updated: July 19, 2025

1. INTRODUCTION AND SCOPE

S & S Building and Design, a limited liability company organized under Oregon law (“Company,” “we,” “our,” or “us”), is committed to protecting the privacy and security of personal information. This Privacy Policy (“Policy”) governs the collection, use, processing, storage, disclosure, and protection of personal information obtained through our website, mobile applications, client portal, and business operations.

This Policy applies to all individuals who interact with our services, including website visitors, prospective clients, current clients, vendors, contractors, and business partners (“you” or “Data Subject”).

BY ACCESSING OUR WEBSITE, USING OUR SERVICES, OR PROVIDING PERSONAL INFORMATION TO US, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO BE BOUND BY THIS PRIVACY POLICY AND CONSENT TO THE PROCESSING OF YOUR PERSONAL INFORMATION AS DESCRIBED HEREIN.

2. LEGAL BASIS FOR PROCESSING

We process personal information based on the following legal grounds:

a) Contractual Necessity: Processing necessary for the performance of contracts for construction, remodeling, or related services
b) Legitimate Business Interests: Processing necessary for our legitimate business operations, including marketing, business development, and customer service
c) Legal Compliance: Processing required to comply with applicable laws, regulations, licensing requirements, and legal obligations
d) Consent: Processing based on explicit consent for specific purposes, which may be withdrawn at any time
e) Vital Interests: Processing necessary to protect the vital interests of individuals or public safety

3. CATEGORIES OF PERSONAL INFORMATION COLLECTED

3.1 Directly Provided Information

Contact and Identification Data:

Full legal name, preferred name, title
Residential and business addresses
Telephone numbers (mobile, home, business)
Email addresses (personal and business)
Emergency contact information

Financial and Transaction Data:

Credit card information, bank account details
Billing and payment history
Credit reports and financial statements (for financing applications)
Insurance information
Tax identification numbers (for business clients)

Project and Property Information:

Property addresses and legal descriptions
Property ownership documentation
Project specifications, plans, and requirements
Budget and financing information
Permit and licensing documentation

Communication Records:

Email correspondence and attachments
Recorded telephone conversations (where legally permitted)
Text messages and instant messages
Meeting notes and consultation records
Client portal communications

3.2 Automatically Collected Information

Technical and Usage Data:

Internet Protocol (IP) addresses and geolocation data
Browser type, version, and settings
Operating system and device information
Website navigation patterns and clickstream data
Session duration and frequency of visits
Referring websites and search terms

Cookies and Tracking Technologies:

Essential cookies for website functionality
Analytics cookies for performance measurement
Preference cookies for user experience customization
Marketing cookies for targeted advertising

3.3 Third-Party Sources

Public Records and Databases:

Property records and ownership information
Contractor licensing and certification databases
Court records and legal proceedings
Credit reporting agencies
Professional reference checks

4. PURPOSES AND USES OF PERSONAL INFORMATION

4.1 Primary Business Purposes

Service Delivery and Contract Performance:

Providing construction, remodeling, and related services
Project planning, scheduling, and management
Quality control and warranty services
Client communication and project updates
Subcontractor coordination and management

Financial and Administrative Operations:

Processing payments and managing accounts
Billing and invoicing services
Insurance claims processing
Permit applications and regulatory compliance
Maintaining business records and documentation

4.2 Secondary Business Purposes

Customer Relationship Management:

Maintaining client relationships and communication
Providing customer support and technical assistance
Conducting client satisfaction surveys
Managing client portal access and functionality

Marketing and Business Development:

Direct marketing communications (with consent)
Newsletter and promotional material distribution
Website personalization and user experience enhancement
Market research and business analytics
Lead generation and prospect management

Legal and Compliance:

Complying with federal, state, and local laws
Responding to legal process and government requests
Protecting against fraud, theft, and illegal activities
Enforcing contracts and protecting legal rights
Maintaining insurance and bonding requirements

5. INFORMATION SHARING AND DISCLOSURE

5.1 No Sale of Personal Information

WE DO NOT SELL, RENT, OR TRADE PERSONAL INFORMATION TO THIRD PARTIES FOR MONETARY CONSIDERATION.

5.2 Permitted Disclosures

Service Providers and Business Partners:

Licensed subcontractors and construction professionals (project-related information only)
Material suppliers and equipment vendors (delivery and billing information)
Financial institutions and payment processors (transaction processing)
Insurance companies and bonding agencies (coverage and claims)
Professional service providers (legal, accounting, consulting)

Legal and Regulatory Requirements:

Federal, state, and local government agencies
Law enforcement and judicial authorities
Regulatory bodies and licensing agencies
Court orders, subpoenas, and legal process
Emergency situations involving public safety

Business Transactions:

Potential buyers in merger, acquisition, or sale transactions
Successors and assigns in business transfers
Professional advisors in due diligence processes

With Explicit Consent:

Marketing partners and affiliates (only with written consent)
Testimonial and case study publications
Professional references and recommendations

5.3 Data Processing Agreements

All third-party service providers are bound by written agreements requiring:

Confidentiality and security protections
Limited use of personal information
Compliance with applicable privacy laws
Return or destruction of data upon contract termination

6. DATA SECURITY AND PROTECTION MEASURES

6.1 Technical Safeguards

Encryption and Secure Transmission:

SSL/TLS encryption for all website communications
End-to-end encryption for sensitive data transmission
Encrypted storage of personal and financial information
Secure file transfer protocols for document sharing

Access Controls and Authentication:

Multi-factor authentication for system access
Role-based access controls limiting data exposure
Regular access reviews and permission audits
Secure password policies and requirements

System Security:

Firewall protection and intrusion detection systems
Regular security updates and patch management
Malware protection and monitoring
Secure backup and disaster recovery procedures

6.2 Administrative Safeguards

Personnel Security:

Background checks for employees with data access
Confidentiality agreements and privacy training
Regular security awareness training programs
Incident response and breach notification procedures

Policy and Procedure Controls:

Written information security policies
Data retention and disposal procedures
Vendor management and oversight programs
Regular security assessments and audits

6.3 Physical Safeguards

Secure facilities with controlled access
Locked storage for physical documents
Secure disposal of paper records
Environmental controls and monitoring

6.4 Security Limitations

While we implement comprehensive security measures, no system is completely secure. We cannot guarantee absolute security of personal information transmitted over the internet or stored electronically.

7. DATA SUBJECT RIGHTS AND CHOICES

7.1 Access Rights

You have the right to:

Request confirmation of personal information processing
Obtain copies of personal information we maintain
Receive information about processing purposes and recipients
Request correction of inaccurate or incomplete information

7.2 Control and Deletion Rights

Right to Rectification: Correct inaccurate personal information
Right to Erasure: Request deletion of personal information (subject to legal retention requirements)
Right to Restriction: Limit processing of personal information
Right to Data Portability: Receive personal information in a structured, machine-readable format

7.3 Communication Preferences

Opt-Out Rights: Unsubscribe from marketing communications
Communication Channels: Choose preferred methods of contact
Frequency Controls: Adjust communication frequency preferences

7.4 Exercising Your Rights

Request Process:

Submit written requests to the contact information in Section 13
Provide sufficient information to verify your identity
Specify the right you wish to exercise and relevant details
Allow up to 30 days for response (may be extended to 60 days for complex requests)

Verification Requirements: We may require additional information to verify your identity before processing requests, including:

Government-issued identification
Proof of address or property ownership
Account information or service history

8. COOKIES AND TRACKING TECHNOLOGIES

8.1 Types of Cookies

Strictly Necessary Cookies:

Essential for website functionality and security
Cannot be disabled without affecting site performance
Include session management and authentication cookies

Performance and Analytics Cookies:

Google Analytics and similar services
Website usage statistics and performance metrics
User behavior analysis and site optimization

Functional Cookies:

User preferences and settings
Language and location preferences
Customized user experience features

Marketing and Advertising Cookies:

Targeted advertising and retargeting
Social media integration and sharing
Third-party advertising networks

8.2 Cookie Management

Browser Controls:

Configure cookie settings through browser preferences
Block or delete cookies using browser tools
Opt-out of targeted advertising through industry tools

Third-Party Opt-Outs:

Google Analytics opt-out: [tools.google.com/dlpage/gaoptout]
Digital Advertising Alliance opt-out: [optout.aboutads.info]
Network Advertising Initiative opt-out: [optout.networkadvertising.org]

9. DATA RETENTION AND DISPOSAL

9.1 Retention Periods

Active Client Records:

Contract duration plus seven (7) years for warranty and legal compliance
Financial records: Seven (7) years for tax and accounting purposes
Project documentation: Ten (10) years for construction liability

Marketing and Prospect Data:

Until opt-out request or three (3) years of inactivity
Website analytics: Twenty-six (26) months (Google Analytics default)

Legal and Compliance Records:

As required by applicable laws and regulations
Litigation hold requirements supersede standard retention

9.2 Secure Disposal

Electronic Data:

Secure deletion using industry-standard methods
Physical destruction of storage media when necessary
Certificate of destruction for sensitive information

Physical Documents:

Shredding of paper records containing personal information
Secure disposal through certified document destruction services

10. THIRD-PARTY WEBSITES AND SERVICES

10.1 External Links

Our website may contain links to third-party websites, including:

Supplier and vendor websites
Professional association sites
Social media platforms
Government and regulatory agencies

We are not responsible for the privacy practices of external websites. We encourage you to review their privacy policies before providing personal information.

10.2 Social Media Integration

Social media features and widgets may collect information about your visits and interactions. These features are governed by the privacy policies of the respective social media companies.

11. INTERNATIONAL DATA TRANSFERS

11.1 Cross-Border Processing

Personal information may be transferred to and processed in jurisdictions outside your country of residence, including the United States, where privacy laws may differ from your jurisdiction.

11.2 Adequacy and Safeguards

For transfers to countries without adequate privacy protections, we implement appropriate safeguards, including:

Standard contractual clauses approved by regulatory authorities
Binding corporate rules and codes of conduct
Certification schemes and adequacy decisions

12. CHILDREN’S PRIVACY

12.1 Age Restrictions

Our services are not directed to individuals under eighteen (18) years of age. We do not knowingly collect personal information from children under 18.

12.2 Parental Notice

If we become aware that we have collected personal information from a child under 18 without parental consent, we will:

Delete the information immediately
Notify parents or guardians if contact information is available
Implement additional safeguards to prevent future collection

13. PRIVACY POLICY CHANGES AND UPDATES

13.1 Modification Rights

We reserve the right to modify this Privacy Policy at any time to reflect:

Changes in business practices or services
Updates to applicable laws and regulations
Technological developments and security enhancements
Corporate restructuring or business changes

13.2 Notification Process

Significant Changes:

Email notification to registered users (30 days advance notice)
Prominent website posting of updated policy
Client portal notifications for active users

Minor Changes:

Website posting with updated “Last Modified” date
Annual summary of changes in client communications

13.3 Continued Use

Your continued use of our services after the effective date of changes constitutes acceptance of the updated Privacy Policy.

14. STATE-SPECIFIC PRIVACY RIGHTS

14.1 California Consumer Privacy Act (CCPA) Rights

California residents have additional rights, including:

Right to Know: Detailed information about personal information collection and use
Right to Delete: Request deletion of personal information (subject to exceptions)
Right to Opt-Out: Opt-out of sale of personal information (we do not sell personal information)
Right to Non-Discrimination: Equal treatment regardless of privacy choices
Right to Correct: Request correction of inaccurate personal information

14.2 Virginia Consumer Data Protection Act (VCDPA)

Virginia residents have rights including:

Access, correction, and deletion of personal information
Data portability and processing restriction rights
Opt-out of targeted advertising and profiling

14.3 Other State Laws

Residents of states with comprehensive privacy laws have additional rights under applicable statutes. Contact us for information about your specific rights.

15. CONTACT INFORMATION AND PRIVACY OFFICER

15.1 General Privacy Inquiries

S & S Building and Design
Attention: Privacy Officer
Address: [Your Business Address]
Phone: [Your Phone Number]
Email: privacy@[yourdomain].com
Website: [Your Website URL]

15.2 Data Protection Officer

Name: [Designated Privacy Officer Name]
Title: Privacy and Compliance Officer
Email: dpo@[yourdomain].com
Phone: [Direct Phone Number]

15.3 Response Timeframes

General Inquiries: 5 business days
Rights Requests: 30 days (may extend to 60 days for complex requests)
Breach Notifications: As required by applicable law
Complaints: 10 business days for initial response

16. DISPUTE RESOLUTION AND ENFORCEMENT

16.1 Internal Complaint Process

Submit written complaint to Privacy Officer
Internal investigation and response within 30 days
Escalation to senior management if unresolved
Documentation of complaint and resolution

16.2 External Enforcement

You may file complaints with:

Oregon Attorney General: [contact information]
Federal Trade Commission: [contact information]
State-specific privacy authorities (where applicable)

16.3 Arbitration and Legal Proceedings

Privacy disputes may be subject to arbitration clauses in service agreements. This Privacy Policy does not waive any legal rights or remedies available under applicable law.

17. DEFINITIONS

“Personal Information” means information that identifies, relates to, describes, or is capable of being associated with a particular individual.

“Processing” means any operation performed on personal information, including collection, use, storage, disclosure, and deletion.

“Service Provider” means a third party that processes personal information on behalf of S & S Building and Design.

“Sensitive Personal Information” includes financial account information, precise geolocation, and other categories requiring enhanced protection.

18. SEVERABILITY AND GOVERNING LAW

18.1 Severability

If any provision of this Privacy Policy is deemed invalid or unenforceable, the remaining provisions shall remain in full force and effect.

18.2 Governing Law

This Privacy Policy is governed by the laws of the State of Oregon and applicable federal law, without regard to conflict of law principles.

19. EFFECTIVE DATE AND ACKNOWLEDGMENT

This Privacy Policy is effective as of January 1, 2025, and supersedes all previous privacy policies and statements.

By using our services or providing personal information, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.