1. Introduction and Scope
Sunset Bluff Services (“Company,” “we,” “us,” or “our”) is a Tennessee-based professional services firm specializing in Emergency Management consulting and Professional Business Services. We are committed to protecting the privacy and security of the personal information of our clients, website visitors, employees, and business partners.
This Privacy Policy describes how we collect, use, disclose, retain, and protect personal information in connection with our services and the operation of our website at sunsetbluffservices.com. It applies to all individuals who interact with us, including those located in the United States and Canada.
This Policy is designed to comply with applicable privacy laws in both countries, including:
- United States: No single federal omnibus privacy law applies; however, we comply with all applicable federal and state-level privacy requirements, including those related to financial data, professional services, and electronic communications.
- Canada: The Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation, including Alberta’s Personal Information Protection Act (PIPA) and British Columbia’s Personal Information Protection Act (PIPA).
By using our website or engaging our services, you acknowledge that you have read and understood this Privacy Policy.
2. Information We Collect
We collect personal information in the following categories, depending on the nature of your relationship with us:
2.1 Information You Provide Directly
- Contact and identity information: name, job title, organization, email address, phone number, and mailing address.
- Client and project information: details about your organization, emergency management needs, financial records, procurement documents, and administrative data shared in connection with service delivery.
- Communications: emails, phone call records, and messages sent through our website contact forms or directly to our team.
- Financial information: billing details and payment information necessary to process invoices and payments for services rendered.
2.2 Information Collected Automatically
- Website usage data: IP address, browser type, operating system, referring URL, pages visited, and time spent on pages, collected via cookies and similar technologies.
- Device information: device type, screen resolution, and language settings.
- Log data: server logs that record access times, error reports, and activity on our website.
2.3 Information from Third Parties
- Business information: data from publicly available sources, professional directories, and LinkedIn, used to research prospective clients or partners.
- Referral information: contact information provided by a mutual contact who refers you to our services.
3. How We Use Your Information
We use personal information for the following purposes:
3.1 Service Delivery
- To provide, manage, and improve our Emergency Management and Professional Services offerings.
- To communicate with clients regarding project status, deliverables, and service updates.
- To process payments and manage billing and contract administration.
3.2 Legal and Compliance Obligations
- To comply with applicable federal, state, and provincial legal requirements.
- To respond to lawful requests from government authorities or law enforcement.
- To protect our legal rights, enforce contracts, and resolve disputes.
3.3 Business Operations
- To operate and improve our website and internal systems.
- To conduct business analysis, performance tracking, and strategic planning.
- To manage vendor and contractor relationships.
3.4 Marketing and Communications
- To send newsletters, service announcements, or other communications to individuals who have opted in or with whom we have an existing business relationship, as permitted by applicable law.
- To respond to inquiries submitted through our website or by phone.
4. Legal Basis for Processing (Canada – PIPEDA)
For individuals in Canada, we process personal information based on the following grounds under PIPEDA:
- Consent: Where you have expressly or implicitly consented to the collection and use of your personal information, including by engaging our services or subscribing to communications.
- Contractual necessity: Where processing is required to fulfill our obligations under a services agreement with you or your organization.
- Legitimate interest: Where processing is reasonably necessary for our legitimate business interests, provided such interests are not overridden by your privacy rights.
- Legal obligation: Where we are required to process information to comply with Canadian law.
You may withdraw your consent at any time by contacting us using the details in Section 10, subject to legal or contractual restrictions.
5. Disclosure of Personal Information
We do not sell, rent, or trade personal information. We may share information in the following limited circumstances:
5.1 Service Providers
We may engage trusted third-party vendors to support our operations, including cloud hosting, accounting software, email platforms, and payment processors. These vendors are contractually obligated to protect information and use it only as directed by us.
5.2 Government and Emergency Clients
In the course of providing emergency management services to government agencies, municipalities, or community organizations, we may share client-provided data as required by the scope of work or applicable law. We treat all such data with the highest degree of confidentiality.
5.3 Legal Disclosure
We may disclose personal information when required by law, court order, or government authority, or when we reasonably believe disclosure is necessary to protect our rights, your safety, or the safety of others.
5.4 Business Transfers
In the event of a merger, acquisition, or sale of all or part of our business assets, personal information may be transferred as part of that transaction. We will notify affected individuals if such a transfer occurs and a new privacy policy applies.
6. Cross-Border Data Transfers
Sunset Bluff Services is based in the United States. If you are located in Canada, your personal information may be transferred to and processed in the United States, where privacy laws may differ from those in your province or territory.
We take appropriate contractual and technical measures to protect personal information transferred across borders and ensure it receives an adequate level of protection consistent with applicable Canadian privacy laws.
By engaging our services or submitting information through our website, Canadian residents acknowledge and consent to this cross-border transfer.
7. Data Retention
We retain personal information only as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law and professional obligations. Typical retention guidelines are as follows:| Data Category | Retention Period |
|---|---|
| Client project records | 7 years after project completion, or as required by contract or law |
| Financial and billing records | 7 years, in accordance with U.S. and Canadian tax requirements |
| Website contact inquiries | 3 years from last contact, unless converted to a client relationship |
| Employee and contractor records | As required by applicable employment law |
| Website analytics data | 26 months (anonymized after 13 months) |
8. Your Privacy Rights
Depending on your location, you may have the following rights regarding your personal information:
8.1 Rights for All Individuals
- Right to access: You may request a copy of the personal information we hold about you.
- Right to correction: You may request that inaccurate or incomplete information be corrected.
- Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.
- Right to complain: You have the right to lodge a complaint with an applicable privacy authority.
8.2 Additional Rights for Canadian Residents (PIPEDA)
- You have the right to know what personal information we hold, how it is used, and to whom it may have been disclosed.
- You have the right to challenge our compliance with PIPEDA by contacting the Office of the Privacy Commissioner of Canada.
- Where technically and legally feasible, you have the right to request deletion of personal information that is no longer necessary for the purposes for which it was collected.
8.3 How to Exercise Your Rights
To exercise any of the rights described above, please submit a written request to our Privacy Contact using the information in Section 10. We will respond within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.
9. Security of Personal Information
We implement reasonable and appropriate administrative, technical, and physical security measures to protect personal information from unauthorized access, use, disclosure, alteration, or destruction. These measures include:
- Encrypted communication channels for transmitting sensitive data.
- Access controls limit information to authorized personnel only.
- Regular review of our data handling and security practices.
- Secure storage of physical and electronic records.
No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee its absolute security. In the event of a data breach that poses a risk of harm, we will notify affected individuals and applicable authorities as required by law.
10. Cookies and Website Tracking
Our website (sunsetbluffservices.com) uses cookies and similar tracking technologies to operate the site, analyze traffic, and improve your experience. Types of cookies used include:
- Strictly necessary cookies: Required for the website to function correctly, including session management and security.
- Analytics cookies: Used to understand how visitors interact with the site (e.g., pages viewed, time on site). Data collected is aggregated and anonymized where possible.
- Functional cookies: Used to remember your preferences, such as language or region.
You may manage cookie preferences through your browser settings. Note that disabling certain cookies may affect the functionality of our website. We do not use cookies for targeted advertising.
11. Children’s Privacy
Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected information from a minor, please contact us immediately and we will delete it promptly.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, applicable law, or our services. When we make material changes, we will update the “Effective Date” at the top of this Policy and, where appropriate, notify affected individuals by email or a prominent notice on our website.
We encourage you to review this Policy periodically to stay informed about how we protect your information. Your continued use of our website or services after any update constitutes your acceptance of the revised Policy.
13. Contact Information and Privacy Officer
If you have questions, concerns, or requests regarding this Privacy Policy or the handling of your personal information, please contact our Privacy Contact:
Sunset Bluff Services – Privacy Contact
Email: info@sunsetbluffservices.com
Emergency Management Line: +1 (865) 309-4652
Professional Services Line: +1 (865) 309-4694
Website: sunsetbluffservices.com
U.S. residents may contact the Federal Trade Commission (FTC) at www.ftc.gov with concerns about privacy practices.
Canadian residents who are not satisfied with our response may contact the Office of the Privacy Commissioner of Canada at www.priv.gc.ca or 1-800-282-1376.