1 Scope and legal framework
Schmitt Engineering provides engineering and inspection services in New York. We are subject to the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act), which requires businesses to implement reasonable administrative, technical and physical safeguards to protect "private information". We also adhere to the New York Child Data Protection Act, which extends privacy protections to individuals under 18 years of age. Depending on your location and the services we provide, other federal or state privacy laws may apply. This notice is intended to meet the disclosure requirements found in these laws.
2 Information we collect
We collect personal information in several ways:
Information you provide directly. When you contact us or schedule an inspection, you may provide:
• Contact details, such as your name, mailing address, email address and phone number;
• Appointment and service details, such as the property address and the type of inspection or engineering service requested;
• Billing and payment information, including your credit or debit card number and billing address (collected on our behalf by third party processors, as explained in Section 4.2); and
• Communications, such as questions, feedback or other information you choose to share.
Information we collect automatically. When you visit our website, we and our service providers use cookies and similar technologies to collect technical data (such as IP address, browser type, device identifiers, referring page, pages visited and time spent on pages). Google Analytics receives the URL and your IP address when you visit our site and may set cookies to provide analytics services. You can learn how Google uses this information and how to control cookies through Google’s Ad Settings or the Google Analytics Opt Out Browser Add On.
We do not knowingly collect personal information from individuals under 18 years old. If we become aware that a minor has provided personal information, we will delete it and refrain from further processing unless the law permits or requires otherwise.
3 How we use personal information
We use the information described above for the following purposes:
• Provide services. We use your information to schedule and perform inspections, prepare reports, deliver engineering services, process payments and send invoices.
• Communicate with you. We respond to questions, provide appointment reminders and notifications, deliver inspection reports and send information about changes to our services or policies.
• Operate and improve our business. We maintain internal records, comply with professional and legal obligations, perform accounting and auditing functions and protect our rights and property. We also analyze website usage to improve performance and user experience, as privacy law guidance encourages organizations to state clear and legitimate purposes for processing.
We do not sell or rent your personal information. We only share it as described below.
4 How we share information and work with third party service providers
4.1 Scheduling and customer management platform (ISN)
We partner with Inspection Support Network (ISN) to manage scheduling, billing and customer communication. When you schedule an appointment, ISN collects your contact information, service details and payment information. ISN provides us with the data we need to deliver the requested services. Please review ISN’s Privacy Policy for more information about how they handle your data.
4.2 Payment processing and PCI DSS compliance
Schmitt Engineering does not store or process cardholder data. Our payment processors encrypt and tokenize card data before it reaches our systems and maintain PCI DSS Level 1 Service Provider status. Under PCI DSS, merchants must maintain an inventory of third party service providers, assign personnel to manage vendor relationships, include explicit PCI DSS responsibilities in contracts and periodically monitor vendor compliance. We therefore:
• Select compliant vendors. We only engage payment processors that maintain up to date PCI DSS compliance.
• Maintain oversight. We keep an inventory of our payment service providers, include appropriate security obligations in contracts, and review compliance documentation annually.
• Exclude card data from our systems. Card information is captured through a hosted payment form provided by ISN or our payment processor. We receive only a token or confirmation that the payment was successful and do not store raw card numbers.
4.3 Website hosting, analytics and social media plugins
Our website is hosted by a third party platform (e.g., Squarespace). We use Google Analytics and similar tools to understand how visitors use our site; these services collect information such as your IP address and may set cookies. We may also enable social media plugins (e.g., Facebook, Instagram) that allow you to share content; those platforms may collect information about your browser and interactions with their services. For details on how these third parties handle your data, please consult their privacy policies.
4.4 Professional advisers and legal obligations
We may disclose your information to accountants, attorneys or other professional advisers to obtain advice or services. We may also disclose information if required by law (for example, responding to lawful requests from regulators or complying with the SHIELD Act’s breach notification provisions) or to protect the rights, property or safety of Schmitt Engineering, our clients or others.
4.5 Business transfers
If we undergo a merger, acquisition, restructuring or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such event as required by law and take steps to ensure the information continues to be protected.
5 Third party websites and external links
Our website may contain links to websites or services operated by third parties for your convenience. Those sites are not under our control, and we are not responsible for their content, accuracy, policies or practices. As a sample clause from Law Insider explains, companies often provide links to third party sites "for convenience" and expressly state that they do not control or endorse the sites and that users access them at their own risk. The clause further notes that companies do not review, approve or endorse third party content and that any use is subject to those sites’ terms and conditions. You should review the privacy policies and terms of any third party site before providing personal information.
6 Cookies and similar technologies
We use cookies and similar technologies to:
• Recognize repeat visitors and remember your preferences;
• Collect aggregated statistics about how our website is used;
• Support social media features; and
• Improve site security.
Most browsers accept cookies automatically. You can control or disable cookies through your browser settings, although doing so may affect site functionality. For more information about how Google collects information from sites that use its services and how to control your data, see Google’s explanation of its practices.
7 Data security
We maintain a security program that incorporates administrative, technical and physical safeguards consistent with the SHIELD Act’s requirements. Our safeguards include:
• Administrative measures: designating a data security coordinator, identifying and assessing risks to private information, training employees on security practices, selecting vendors capable of maintaining appropriate safeguards and adjusting our program in light of business changes;
• Technical measures: assessing risks in network and software design, detecting and responding to attacks or system failures and regularly testing systems and controls; and
• Physical measures: controlling physical access to information, protecting against unauthorized access during collection, use and disposal and securely disposing of data when it is no longer needed.
Although we strive to protect your information, no method of transmission or storage is completely secure. Privacy guidance warns businesses not to overstate or misrepresent their security measures; a security clause should reassure users but not promise absolute protection. We therefore cannot guarantee that our safeguards will prevent all breaches, and you acknowledge that you use our services at your own risk. We also remind you to take reasonable steps to protect your personal information (for example, by choosing strong passwords and protecting account credentials).
8 Data retention and deletion
We retain personal information only as long as necessary to fulfil the purposes described in this notice and to comply with legal, accounting or reporting requirements. When information is no longer needed, we will delete or anonymize it. If we learn that we have collected personal data from a minor without parental consent, we will delete the data within the timeframe required by law and prevent further collection.
9 Your rights and choices
Depending on where you live, you may have rights regarding your personal information. These may include the right to:
• Access the personal information we maintain about you;
• Request correction of inaccurate information;
• Request deletion of your personal information, subject to legal retention obligations;
• Object to or restrict certain processing; and
• Withdraw consent where processing is based on consent.
To exercise these rights, please contact us using the details in Section 13. We may need to verify your identity before fulfilling your request. When requests involve information held by a third party service provider (e.g., ISN), we will coordinate with that provider to respond. Some requests may be subject to legal exemptions or other limitations.
10 Do Not Track signals and global privacy controls
Our website currently does not respond to browser “Do Not Track” signals. However, we honor valid global privacy controls and age signaling headers as required by the New York Child Data Protection Act.
11 Children’s privacy
Our services and website are intended for property owners and adults. We do not knowingly collect personal information from individuals under 18 years of age. If we become aware that a minor has provided personal information, we will delete the information and comply with applicable law.
12 Disclaimers and limitation of liability
We endeavor to provide accurate and up to date information, but we make no representations or warranties of any kind, express or implied, regarding the completeness, accuracy, reliability or availability of the information on our website or delivered through our services. According to guidance on no responsibility clauses, a business should use simple language to explain that it is not responsible for any damages incurred from the use of its products or services. In that spirit, you agree that Schmitt Engineering and its officers, employees and contractors will not be liable for any indirect, incidental, special, consequential or punitive damages arising out of or related to your use of our website or services, including loss of data, revenue or profits. Your exclusive remedy for dissatisfaction with our website or services is to discontinue using them.
13 How to contact us
If you have any questions or concerns about this Privacy Notice or our data handling practices, or if you wish to exercise your rights, please contact us:
Schmitt Engineering, PLLC
12 Wylie Way, Stony Brook, NY 11790, USA
Email: info@schmittengineering.com
Phone: 631 689 7270
14 Changes to this notice
We may update this Privacy Notice periodically to reflect changes in our practices, services or legal obligations. When we update the notice, we will revise the "Effective Date" above. Your continued use of our website or services after an update constitutes acceptance of the revised notice.