About Us

Effective Date: September 1, 2025

Last Updated: September 1, 2025

Safe Harbor Compliance Group

PO Box 231175, Sacramento, CA 95823

[https://safeharborcg.com/] | [DCastillo@safeharborcg.com] | [916-826-2834]

1. INTRODUCTION AND COMMITMENT TO PRIVACY

Welcome to Safe Harbor Compliance Group (“Company,” “we,” “us,” or “our”). We are an Occupational Health & Safety and Regulatory Compliance Consulting firm founded in September 2025 by Daniel Castillo and Juan P. Dominguez, based in Sacramento, California. Our mission is to protect workers and empower employers by delivering expert, bilingual safety training and OSHA compliance solutions.

Your privacy is fundamental to our values. Just as we help businesses create safe harbors from regulatory risk, we are committed to creating a safe harbor for your personal and business information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, engage our consulting services, participate in our training programs, or otherwise interact with us.

This policy applies to all visitors to our website, clients, training participants, vendors, and other individuals whose personal information we process in the course of our business operations. By using our Site or services, you consent to the data practices described in this policy.

This Privacy Policy is available in English and Spanish. If you would like to receive a copy in Spanish, please contact us at the information provided above.

2. INFORMATION WE COLLECT

We collect information that identifies, relates to, describes, references, or is reasonably capable of being associated with a particular individual or business (“Personal Information”). The categories of information we collect depend on your relationship with us and how you interact with our services.

2.1. Information You Provide Directly

Client and Business Contact Information:

  • Name, job title, company name, and contact details (email, phone, mailing address)
  • Business address, facility locations, and operational details relevant to compliance consulting
  • Billing and payment information (processed securely through third-party payment processors; we do not store full credit card numbers)

Training Participant Information:

  • Name, employer, job role, and contact information for individuals attending our safety training sessions
  • Language preference to facilitate our bilingual training capabilities
  • Training completion records, assessment results, and certification documentation
  • Signature acknowledgments for attendance and comprehension (collected electronically or on paper)

Consulting Engagement Data:

  • Workplace safety records, incident reports, and compliance documentation shared for audit or program development purposes
  • Photographs, videos, or notes taken during on-site assessments (with prior client consent)
  • Employee interview notes or survey responses gathered during compliance reviews (anonymized where possible)

Website and Communication Data:

  • Information submitted through contact forms, service inquiries, or newsletter sign-ups
  • Content of emails, messages, or other communications sent to our team
  • Preferences for communication frequency and format

2.2. Information Collected Automatically

Website Usage Data:

  • IP address, browser type, operating system, and device information
  • Pages visited, time spent on Site, clickstream data, and referring URLs
  • Cookies and similar tracking technologies (see Section 5 for details)

On-Site Engagement Data:

  • Location data when our consultants access client facilities (for scheduling and safety purposes)
  • Timestamps and duration of on-site visits

2.3. Information from Third Parties

  • Business referrals from industry partners, trade associations, or professional networks
  • Publicly available regulatory information (e.g., Cal/OSHA citation histories, business licenses)
  • Verification data from third-party identity or business authentication services

3. HOW WE USE YOUR INFORMATION

We use the information we collect for legitimate business purposes consistent with our mission to provide expert compliance consulting and safety training. These purposes include:

3.1. Service Delivery and Operations

  • To provide, maintain, and improve our consulting, training, and compliance services
  • To develop customized safety programs, training materials, and compliance solutions tailored to your industry and operational needs
  • To schedule and coordinate on-site engagements, training sessions, and follow-up consultations
  • To process payments, send invoices, and manage account administration
  • To maintain records of training completion and certification as required by regulatory standards

3.2. Communication and Support

  • To respond to inquiries, provide customer support, and address concerns
  • To send important administrative information, such as updates to our Terms, Privacy Policy, or service changes
  • To deliver requested resources, newsletters, or educational content about workplace safety and regulatory updates
  • To communicate in your preferred language, leveraging our bilingual capabilities to ensure clarity and accessibility

3.3. Business Improvement and Compliance

  • To analyze usage patterns and improve the functionality, security, and user experience of our Site and services
  • To conduct internal research and development to enhance our training methodologies and consulting frameworks
  • To comply with applicable laws, regulations, legal processes, or enforceable governmental requests
  • To protect the rights, property, or safety of Safe Harbor Compliance Group, our clients, employees, or the public

3.4. Marketing (With Consent Where Required)

  • To send promotional communications about new services, training opportunities, or industry insights (you may opt out at any time)
  • To invite you to webinars, workshops, or events relevant to your industry sector
  • To share case studies or testimonials (only with your explicit prior consent)

4. LEGAL BASIS FOR PROCESSING (FOR APPLICABLE JURISDICTIONS)

For individuals in jurisdictions that require a legal basis for data processing (such as the European Economic Area or the United Kingdom), we process Personal Information based on:

  • Contractual Necessity: To fulfill our obligations under a service agreement with you or your employer.
  • Legitimate Interests: To operate, secure, and improve our services; to communicate with clients and prospects; and to protect our legal rights.
  • Consent: Where required, we will obtain your explicit consent for specific processing activities, such as sending marketing communications or publishing testimonials. You may withdraw consent at any time.
  • Legal Compliance: To comply with applicable laws, regulations, or regulatory obligations under Cal/OSHA, Federal OSHA, or other governing bodies.

5. COOKIES AND TRACKING TECHNOLOGIES

5.1. What Are Cookies?

Cookies are small text files placed on your device when you visit a website. They help us recognize your device, remember preferences, analyze Site traffic, and improve your browsing experience.

5.2. Types of Cookies We Use

  • Essential Cookies: Necessary for the Site to function properly (e.g., security, accessibility). These cannot be disabled.
  • Performance/Analytics Cookies: Help us understand how visitors interact with our Site (e.g., Google Analytics). Data is aggregated and anonymized.
  • Functionality Cookies: Remember your preferences, such as language selection for our bilingual content.
  • Marketing/Targeting Cookies: Used to deliver relevant advertisements or measure campaign effectiveness (if applicable).

5.3. Managing Cookies

Most web browsers allow you to control cookies through their settings. You can typically choose to:

  • Accept all cookies
  • Reject non-essential cookies
  • Delete cookies after each session
  • Receive notifications when a cookie is set

Please note that disabling certain cookies may limit your ability to access all features of our Site. For more information about managing cookies, visit www.allaboutcookies.org.

5.4. Do Not Track Signals

California law requires us to disclose how we respond to web browser “Do Not Track” (DNT) signals. Currently, our Site does not alter its data collection practices when a DNT signal is detected. However, we do not engage in cross-context behavioral advertising that would typically trigger DNT concerns.

6. HOW WE SHARE AND DISCLOSE INFORMATION

We do not sell, rent, or trade your Personal Information to third parties for their marketing purposes. We may share information in the following limited circumstances:

6.1. Service Providers and Processors

We engage trusted third-party vendors to assist with business operations, such as:

  • Website hosting, analytics, and security services
  • Payment processing and invoicing platforms
  • Email communication and customer relationship management tools
  • Cloud storage and document management systems

These providers are contractually obligated to protect your information and use it only for the purposes we specify.

6.2. Legal and Regulatory Requirements

We may disclose information if required to do so by law, subpoena, court order, or regulatory request from agencies such as Cal/OSHA, Federal OSHA, the California Department of Industrial Relations, or other governmental authorities. We will notify you of such requests unless legally prohibited.

6.3. Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email or prominent notice on our Site of any change in ownership or use of your Personal Information.

6.4. With Your Consent

We may share information with third parties when you explicitly consent to such sharing, such as:

  • Referring you to specialized legal counsel for matters beyond our consulting scope
  • Coordinating with your insurance provider or safety committee (upon your authorization)
  • Publishing testimonials or case studies featuring your organization (only with written permission)

6.5. Aggregated and De-Identified Data

We may create aggregated, anonymized, or de-identified data from your information for statistical analysis, industry reporting, or service improvement. This data cannot reasonably be used to identify you and is not subject to this Privacy Policy.

7. DATA SECURITY MEASURES

We implement appropriate technical, administrative, and physical safeguards designed to protect your Personal Information from unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of sensitive data in transit and at rest
  • Secure access controls and authentication protocols for our systems
  • Regular security assessments and employee training on data protection
  • Secure disposal of physical documents containing Personal Information
  • Contractual data protection requirements for all service providers

However, no method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security. You are responsible for safeguarding any login credentials or confidential information you share with us.

8. DATA RETENTION

We retain Personal Information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Retention periods vary based on:

  • Client Records: Typically retained for the duration of our engagement plus seven (7) years to comply with California business record requirements and potential regulatory audits.
  • Training Records: Maintained for a minimum of three (3) years, or longer if required by specific OSHA standards or client agreements.
  • Website Analytics Data: Aggregated and anonymized data may be retained indefinitely for trend analysis; identifiable log data is typically deleted after 26 months.
  • Marketing Lists: Retained until you opt out or request deletion.

When information is no longer needed, we securely delete or anonymize it in accordance with industry standards.

9. YOUR PRIVACY RIGHTS AND CHOICES

Depending on your location and applicable law, you may have certain rights regarding your Personal Information. California residents have additional rights under the CCPA/CPRA, detailed in Section 10 below.

9.1. General Rights (All Users)

  • Access and Portability: Request a copy of the Personal Information we hold about you.
  • Correction: Request correction of inaccurate or incomplete information.
  • Deletion: Request deletion of your Personal Information, subject to certain legal exceptions.
  • Opt-Out of Marketing: Unsubscribe from promotional emails by clicking the “unsubscribe” link or contacting us directly.
  • Withdraw Consent: Where processing is based on consent, you may withdraw it at any time (without affecting prior processing).

9.2. How to Exercise Your Rights

To submit a request regarding your Personal Information, please contact us at: Safe Harbor Compliance Group
Attn: Privacy Officer
PO Box 231175, Sacramento, CA 95823
[Insert Privacy Email Address] | [Insert Phone Number]

We will verify your identity before processing your request to protect your privacy. You may designate an authorized agent to submit requests on your behalf with proper documentation. We aim to respond to verified requests within 45 days, as required by California law.

9.3. Non-Discrimination

We will not discriminate against you for exercising your privacy rights. This means we will not deny services, charge different prices, or provide a different level of service because you have exercised your rights, unless permitted by law.

10. CALIFORNIA PRIVACY RIGHTS (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with additional rights regarding your Personal Information.

10.1. Categories of Personal Information Collected (Past 12 Months)

We have collected the following categories of California consumers’ Personal Information:

  • Identifiers: Name, email, phone number, address, IP address.
  • Customer Records: Contact information, payment details (limited), business affiliation.
  • Professional/Employment Information: Job title, employer, work history relevant to training.
  • Commercial Information: Service engagement history, training records.
  • Internet Activity: Browsing behavior on our Site, cookie data.
  • Geolocation Data: Approximate location from IP address; precise location only with consent during on-site visits.
  • Inferences: Preferences or profiles derived from the above to tailor services.

10.2. Categories Sold or Shared

In the preceding 12 months, Safe Harbor Compliance Group has not sold California consumers’ Personal Information as defined by the CCPA. We have not shared Personal Information for cross-context behavioral advertising.

10.3. Your California Rights

  • Right to Know: Request details about the Personal Information we collect, use, disclose, and sell/share.
  • Right to Delete: Request deletion of Personal Information we collected from you, subject to exceptions (e.g., completing transactions, legal compliance, security).
  • Right to Correct: Request correction of inaccurate Personal Information.
  • Right to Limit Use of Sensitive Personal Information: We do not use or disclose sensitive Personal Information beyond what is necessary to provide our services or comply with law.
  • Right to Opt-Out of Sale/Sharing: Not applicable as we do not sell or share Personal Information for advertising purposes.
  • Right to Non-Discrimination: As described in Section 9.3.

10.4. Authorized Agent

California residents may designate an authorized agent to exercise rights on their behalf. We require written permission and verification of your identity before processing such requests.

11. INTERNATIONAL DATA TRANSFERS

Safe Harbor Compliance Group is based in the United States. If you access our Site or services from outside the U.S., please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction. By using our services, you consent to such transfers. We implement appropriate safeguards, such as contractual clauses, to protect information transferred internationally.

12. CHILDREN’S PRIVACY

Our services are directed to businesses and adult professionals. We do not knowingly collect Personal Information from children under the age of 16. If we become aware that we have inadvertently collected such information, we will take steps to delete it promptly. If you believe a child has provided us with Personal Information, please contact us immediately.

13. THIRD-PARTY LINKS AND CONTENT

Our Site or training materials may contain links to third-party websites, resources, or regulatory portals (e.g., OSHA.gov, DIR.ca.gov). This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any external sites you visit. We are not responsible for the content, security, or practices of third-party websites.

14. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy periodically to reflect changes in our practices, services, or legal requirements. The “Last Updated” date at the top of this policy will indicate when changes were made. We encourage you to review this policy regularly. For material changes, we will provide notice via email, a prominent notice on our Site, or other reasonable means prior to the changes taking effect. Your continued use of our Site or services after such notice constitutes your acceptance of the updated policy.

15. CONTACT US

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Privacy Officer:

Safe Harbor Compliance Group

Attn: Privacy Officer

PO Box 231175

Sacramento, CA 95823

Email: DCastillo@safeharborcg.com

Phone: 916-826-2834

You have the right to lodge a complaint with a data protection authority if you believe we have violated applicable privacy laws. For California residents, you may contact the California Attorney General’s office or the California Privacy Protection Agency.