GRAB BAR INSTALLERS ASSOCIATION OF AMERICA LLC
PRIVACY POLICY
Effective Date: January 8, 2025
Last Updated: January 8, 2025
1. INTRODUCTION
This Privacy Policy describes how Grab Bar Installers Association of
America LLC ("GBIAA," "we," "us," or "our"), a Florida limited liability
company, collects, uses, discloses, and protects your personal information
when you access our website, online courses, certification programs, and
related services (collectively, the "Services") hosted on the Thinkific
platform.
By using our Services, you agree to the collection and use of information
in accordance with this Privacy Policy. If you do not agree with this
Privacy Policy, please do not use our Services.
2. INFORMATION WE COLLECT
2.1 Information You Provide Directly
When you register for our Services, purchase courses or certifications, or
interact with our platform, we may collect:
• Name and contact information (email address, phone number, mailing
address)
• Business information (company name, business address, license
numbers, service areas)
• Payment information (processed by third-party payment processors)
• Account credentials (username, password)
• Course completion data and certification records for the GBIAA
Certified Grab Bar Installer Training program
• Test scores and training completion records
• Communications with us (support inquiries, feedback)
• Profile information for our public member directory including name,
company name, location, contact information, certifications held,
years in business, and service areas (if you choose to be listed)
• Background check information (if implemented in the future and where
applicable)
2.2 Information Collected Automatically
When you use our Services, we automatically collect:
• Device information (operating system, device type, browser type)
• Usage data (pages viewed, time spent, course progress)
• IP address and general location information
• Cookies and similar tracking technologies (see Section 6)
2.3 Information from Third Parties
We may receive information about you from:
• Third-party authentication services including Google, Facebook, and
LinkedIn (if you use social login features)
• Payment processors (transaction confirmation data)
• Analytics providers
• Social media platforms (if you interact with our social sharing
features)
3. HOW WE USE YOUR INFORMATION
We use your personal information for the following purposes:
3.1 Service Delivery
• To provide access to courses, certifications, and membership benefits
• To process payments and maintain transaction records
• To track course progress, record test scores, and issue digital
certificates for the GBIAA Certified Grab Bar Installer Training
program
• To maintain and improve our Services
• To provide customer support
• To verify certifications when inquiries are referred to you
3.2 Communications
• To send service-related notifications (enrollment confirmations,
certification updates)
• To send marketing communications about new courses, services, or
updates (with your consent)
• To respond to your inquiries and requests
• To conduct surveys about your experience
3.3 Member Directory
• To display your profile information in our publicly accessible member
directory (if you opt in)
• To facilitate networking among members and allow public search by
potential customers
• To enable location-based searches for certified installers
3.4 Legal and Security
• To comply with legal obligations and respond to lawful requests
• To protect against fraud, unauthorized access, and security threats
• To enforce our Terms of Service and other policies
• To conduct background checks if implemented in the future and where
required or permitted by law
3.5 Analytics and Improvement
• To analyze usage patterns and improve our Services
• To understand member needs and develop new offerings
• To measure marketing effectiveness through analytics and advertising
technologies
3.6 Social Features
• To enable social login functionality
• To facilitate content sharing on social media platforms
4. CONSENT AND YOUR CHOICES
4.1 How We Obtain Consent
When you provide personal information to subscribe, make a purchase, or
use our Services, you consent to our collection and use of that
information for the specific purpose disclosed.
For secondary purposes such as marketing communications, we will:
• Ask for your express consent, OR
• Provide you with an opportunity to opt out
4.2 Email Marketing Preferences
You may opt out of marketing emails at any time by:
• Clicking the "unsubscribe" link in any marketing email
• Contacting us at [email protected]
• Updating your communication preferences in your account settings
Note: You cannot opt out of service-related communications (e.g., payment
confirmations, certification status updates).
4.3 Member Directory
Inclusion in our public member directory is optional. You may:
• Choose which information to display in your public profile
• Control whether your contact information is visible
• Opt out of the directory entirely
• Update your directory listing at any time through your account
settings
Please note that if you choose to be listed in the directory, your
selected information will be publicly accessible and searchable by anyone
visiting our website.
4.4 Social Login
Use of social login features (Google, Facebook, LinkedIn) is optional. By
using these features, you authorize us to access certain information from
your social media account as permitted by that platform.
4.5 Withdrawing Consent
To withdraw your consent for data processing, contact us at
[email protected]. Please note that withdrawing consent may limit your
access to certain Services.
5. INFORMATION SHARING AND DISCLOSURE
5.1 We Do Not Sell Your Information
We do not sell, rent, or trade your personal information to third parties
for their marketing purposes.
5.2 Service Providers
We share information with third-party service providers who perform
services on our behalf, including:
• Thinkific Labs Inc. (platform hosting)
• Payment processors (Stripe, PayPal, or others as determined by
Thinkific)
• Email service providers (when implemented)
• Analytics providers (which may include Google Analytics and similar
services)
• Advertising technology providers (which may include Facebook Pixel,
LinkedIn Insight Tag, and similar services)
• Social media platforms (for login and sharing functionality)
These providers are contractually obligated to protect your information
and use it only for the purposes we specify.
5.3 Public Member Directory
If you opt into our member directory, your selected information (which may
include name, business name, location, contact information, certifications
held, years in business, and service areas) will be publicly visible and
searchable by anyone, including non-members.
5.4 Partners and Affiliates
We may share limited information with:
• Association partners, state chapters, or affiliated organizations
(with your consent or as necessary for membership benefits)
• Industry partners for educational or professional development
purposes
• Organizations that may be established in the future to support the
grab bar installation industry
5.5 Certification Verification
When third parties (such as insurance companies, contractors, or
customers) contact us to verify your certification status, we refer them
directly to you. We do not share your certification information without
your direct involvement.
5.6 Background Check Providers
If we implement background checks in the future, we may share necessary
information with background check service providers. You will be notified
and asked for consent before any such checks are conducted.
5.7 Legal Requirements
We may disclose your information when required by law, including:
• In response to court orders, subpoenas, or legal processes
• To comply with government investigations
• To protect our rights, property, or safety, or that of our members or
the public
• In connection with fraud prevention or security matters
5.8 Business Transfers
If GBIAA is acquired, merged, or sold, your information may be transferred
to the new owner to ensure continuity of service. We will notify you of
any such transfer.
6. COOKIES AND TRACKING TECHNOLOGIES
6.1 What Are Cookies?
Cookies are small text files stored on your device that help us recognize
you, remember your preferences, and improve your experience.
6.2 How We Use Cookies
We use cookies and similar technologies to:
• Maintain your login session
• Remember your preferences and settings
• Analyze website traffic and usage patterns
• Measure the effectiveness of our content and marketing campaigns
• Provide personalized content and recommendations
• Enable social media features and sharing
• Deliver relevant advertisements (when advertising features are
implemented)
6.3 Types of Cookies We Use
• Essential Cookies: Required for the Services to function (login,
course access)
• Analytics Cookies: Help us understand how you use our Services
(including Google Analytics and similar tools)
• Functional Cookies: Remember your preferences and settings
• Social Media Cookies: Enable social login and sharing features
• Marketing Cookies: Used to deliver relevant advertisements and
measure campaign effectiveness (including Facebook Pixel, LinkedIn
Insight Tag, and similar technologies when implemented)
6.4 Third-Party Cookies
Our Services may use third-party cookies from:
• Analytics providers (e.g., Google Analytics)
• Social media platforms (e.g., Facebook, LinkedIn, Google)
• Advertising networks (when implemented)
These third parties may collect information about your online activities
over time and across different websites.
6.5 Managing Cookies
You can control cookies through your browser settings:
• Most browsers allow you to refuse cookies or delete existing cookies
• Disabling cookies may limit your ability to use certain features
• To opt out of Google Analytics:
https://tools.google.com/dlpage/gaoptout
• To manage social media cookies, adjust your settings on each platform
• To learn more about cookies: https://www.allaboutcookies.org
6.6 Do Not Track Signals
We currently do not respond to "Do Not Track" browser signals, as there is
no consistent industry standard for compliance.
6.7 Web Analytics
We use web analytics tools to collect information about how you use our
Services. This helps us improve content, user experience, and understand
which marketing efforts are most effective. Analytics data is typically
anonymized or aggregated.
7. SOCIAL MEDIA FEATURES
7.1 Social Login
We offer the option to create an account or log in using your existing
social media accounts (Google, Facebook, LinkedIn). When you use social
login:
• You authorize us to access certain information from your social media
profile
• The information we receive depends on your privacy settings on that
platform
• We may access your name, email address, profile picture, and other
basic profile information
• You can revoke this access through your social media account settings
7.2 Social Sharing
Our Services include social sharing buttons that allow you to share
content on social media platforms. When you use these features:
• The social media platform may collect information about your visit
• Your activity may be visible to your social media connections
• The social media platform's privacy policy governs how they use this
information
7.3 Social Media Interactions
If you interact with our social media accounts or mention us on social
media, we may view and use that information in accordance with the social
media platform's terms and this Privacy Policy.
8. DATA SECURITY
8.1 Security Measures
We implement reasonable technical, administrative, and physical safeguards
to protect your personal information, including:
• SSL/TLS encryption for data transmission
• Secure data storage with encryption
• Access controls limiting who can view your information
• Regular security assessments and updates
• Compliance with industry best practices
8.2 Limitations
While we follow industry standards and PCI-DSS requirements, no method of
transmission or electronic storage is 100% secure. We cannot guarantee
absolute security of your information.
8.3 Data Breach Notification
In the event of a data breach that affects your personal information, we
will notify you and relevant authorities as required by Florida Statutes
§501.171 and other applicable regulations. Notification will be provided
without unreasonable delay.
8.4 Your Responsibility
You are responsible for:
• Maintaining the confidentiality of your account credentials
• Notifying us immediately at [email protected] of any unauthorized
access
• Using a strong, unique password
• Securing your device and internet connection
9. DATA RETENTION
9.1 How Long We Keep Your Information
We retain your personal information for as long as necessary to:
• Provide you with Services
• Maintain certification and course completion records
• Comply with legal obligations (tax records, business records)
• Resolve disputes and enforce our agreements
9.2 Retention Periods
• Active accounts: Duration of membership plus applicable legal
retention periods
• GBIAA Certified Grab Bar Installer Training records: Indefinitely,
for credential verification and professional record-keeping
• Test scores and training completion data: Indefinitely, as part of
your permanent certification record
• Digital certificates: Indefinitely, for verification purposes
• Payment records: Seven years, as required by law
• Marketing communications: Until you opt out
• Member directory listings: Until you opt out or close your account
• Background check records (if implemented): As required by applicable
law
9.3 Deletion Requests
You may request deletion of your personal information (see Section 11).
Note that we may retain certain information as required by law or for
legitimate business purposes, including:
• Certification records for professional credential verification
• Records necessary to comply with legal, tax, or regulatory
requirements
• Information necessary to resolve disputes or enforce agreements
10. PAYMENT PROCESSING
10.1 Third-Party Payment Processors
All payments are processed by third-party payment processors integrated
with the Thinkific platform, currently including Stripe and PayPal. We do
not directly collect, store, or process credit card information.
10.2 Payment Security
• All payment transactions are encrypted using industry-standard SSL
(Secure Socket Layer) technology
• Payment processors comply with PCI-DSS (Payment Card Industry Data
Security Standard)
• Your purchase transaction data is stored only as long as necessary to
complete your purchase and fulfill legal obligations
• Credit card information is stored and encrypted by the payment
processor using AES-256 encryption
10.3 Payment Information We Receive
While we do not receive your credit card details, we may receive:
• Transaction confirmation and payment status
• Billing name and email address
• Transaction amount and date
• Last four digits of credit card (for reference purposes)
10.4 Payment Processor Privacy Policies
We recommend reviewing the privacy policies of our payment processors:
• Stripe: https://stripe.com/privacy
• PayPal: https://www.paypal.com/us/webapps/mpp/ua/privacy-full
Please note that Thinkific may change payment processors without our
direct control. We will update this Privacy Policy accordingly when we
become aware of such changes.
11. THIRD-PARTY LINKS AND SERVICES
11.1 External Links
Our Services may contain links to third-party websites, resources, or
services, including:
• Educational resources
• Partner organizations
• Industry publications
• Manufacturer websites
• Social media platforms
We are not responsible for the privacy practices of these external sites.
11.2 When You Leave Our Services
Once you leave our website or are redirected to a third-party website or
application, you are no longer governed by this Privacy Policy or our
Terms of Service. Each third-party service has its own privacy policy and
terms.
11.3 Third-Party Service Providers
Certain third-party service providers (payment gateways, analytics
providers, social media platforms) have their own privacy policies
regarding the information we provide to them. These providers may be
located in jurisdictions with different data protection laws than the
United States.
11.4 Recommendation
We encourage you to read the privacy policies of any third-party sites or
services you use in connection with our Services.
12. YOUR PRIVACY RIGHTS
Depending on your location, you may have the following rights:
12.1 Access and Portability
• Request a copy of the personal information we hold about you
• Request your data in a portable, machine-readable format
• Request information about how we use your data
12.2 Correction
• Request correction of inaccurate or incomplete information
• Update your profile information directly through your account settings
• Update your member directory information at any time
12.3 Deletion
• Request deletion of your personal information (subject to legal
retention requirements)
• Note: Deletion may affect your access to Services, certification
records, and member directory listing
• We may retain certification records for professional verification
purposes even after account deletion
12.4 Restriction and Objection
• Request restriction of processing in certain circumstances
• Object to processing based on legitimate interests
• Opt out of marketing communications at any time
12.5 California Residents (CCPA Rights)
If you are a California resident, you have additional rights under the
California Consumer Privacy Act (CCPA):
• Right to know what personal information is collected, used, shared,
or sold
• Right to know the categories of sources from which we collect personal
information
• Right to know the business or commercial purpose for collecting or
selling personal information
• Right to know the categories of third parties with whom we share
personal information
• Right to delete personal information (subject to certain exceptions)
• Right to opt out of the sale of personal information (we do not sell
your information)
• Right to non-discrimination for exercising your CCPA rights
We will not discriminate against you for exercising any of your CCPA
rights, including by:
• Denying goods or services
• Charging different prices or rates
• Providing different quality of goods or services
• Suggesting you will receive different prices or quality of services
12.6 European Residents (GDPR Rights)
Although we currently operate exclusively within the United States, if you
are located in the European Economic Area (EEA), you may have additional
rights under the General Data Protection Regulation (GDPR):
• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restriction of processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent
• Right to lodge a complaint with a supervisory authority
12.7 How to Exercise Your Rights
To exercise any of these rights, contact us at:
Email: [email protected]
Subject Line: "Privacy Rights Request"
Mailing Address:
Grab Bar Installers Association of America LLC
Attn: Privacy Request
7901 4th St N, Ste 300
St. Petersburg, FL 33702
Please include in your request:
• Your full name and email address associated with your account
• Specific right(s) you wish to exercise
• Any additional information to help us verify your identity
12.8 Verification Process
To protect your privacy, we will verify your identity before processing
requests to access or delete personal information. We may ask for
additional information to confirm your identity.
12.9 Response Time
We will respond to verified requests within:
• 30 days for general requests
• 45 days for CCPA requests (with possible 45-day extension for complex
requests)
• 30 days for GDPR requests (with possible 60-day extension for complex
requests)
12.10 Authorized Agents
California residents may designate an authorized agent to make CCPA
requests on their behalf. We may require proof of authorization and
verification of your identity.
13. CHILDREN'S PRIVACY
13.1 Age Requirement
Our Services are intended for adults and businesses in the professional
grab bar installation industry. We do not knowingly collect personal
information from individuals under 18 years of age.
13.2 Parental Consent
If you are under 18, you may use our Services only with the involvement
and consent of a parent or legal guardian who must agree to this Privacy
Policy on your behalf.
13.3 Professional Services
Our Services are designed for professional training and certification. We
expect our users to be adults engaged in or preparing for professional
work in the grab bar installation field.
13.4 If We Learn of Collection
If we become aware that we have collected personal information from a
person under 18 without appropriate parental consent, we will take steps
to delete that information promptly. If you believe we have collected
information from someone under 18, please contact us at [email protected].
14. INTERNATIONAL DATA TRANSFERS
14.1 Current Operations
We currently operate exclusively within the United States. Your
information is collected, processed, and stored on servers located in the
United States.
14.2 U.S. Data Protection Laws
The United States may not provide the same level of data protection as
some other countries. By using our Services, you consent to the transfer
and processing of your information in the United States under U.S. law.
14.3 Future International Operations
If we expand to serve international members in the future, your
information may be transferred to and processed in countries outside your
country of residence, which may have different data protection laws. We
will update this Privacy Policy and implement appropriate safeguards if
this occurs.
14.4 Third-Party Service Providers
Our third-party service providers may process your information in various
jurisdictions:
• Thinkific Labs Inc. is based in Canada
• Payment processors may process transactions in multiple jurisdictions
• Analytics and advertising providers may operate globally
• Social media platforms operate internationally
By using our Services, you consent to such international transfers and
processing.
14.5 Legal Basis for Processing (GDPR)
If GDPR applies to you, our legal bases for processing your information
include:
• Performance of a contract (providing Services you requested)
• Legitimate interests (improving Services, security, fraud prevention)
• Consent (marketing communications, optional features)
• Legal obligations (compliance with applicable laws)
15. BACKGROUND CHECKS (FUTURE IMPLEMENTATION)
15.1 Notice of Future Implementation
We may implement background check procedures in the future for
certification or membership purposes. If we do so, this section will
govern our practices.
15.2 Consent and Disclosure
If background checks are implemented:
• We will obtain your express written consent before conducting any
background check
• You will be informed of the nature and scope of the background check
• You will receive a copy of your rights under the Fair Credit
Reporting Act (FCRA) if applicable
• You will have the opportunity to review and dispute any findings
15.3 Information Collected
Background checks, if implemented, may include verification of:
• Criminal history
• Professional licenses and credentials
• Employment history
• Educational credentials
• Professional references
15.4 Use of Background Check Information
Background check information will be used solely for:
• Verification of eligibility for certification or membership
• Compliance with legal or regulatory requirements
• Protection of public safety where applicable
15.5 Third-Party Background Check Providers
If we use third-party background check services, we will:
• Ensure they comply with FCRA and applicable state laws
• Require them to protect your information
• Limit information sharing to what is necessary
15.6 Retention of Background Check Information
Background check records will be retained as required by law and our
legitimate business interests, typically for the duration of your
certification plus applicable legal retention periods.
15.7 Your Rights
If background checks are implemented, you will have rights including:
• Right to consent or decline
• Right to receive a copy of the report
• Right to dispute inaccurate information
• Right to know how the information will be used
15.8 Updates to This Section
We will update this Privacy Policy and notify members before implementing
any background check procedures.
16. CHANGES TO THIS PRIVACY POLICY
16.1 Right to Modify
We reserve the right to update or modify this Privacy Policy at any time
to reflect:
• Changes in our practices or Services
• New technologies or features
• Legal or regulatory requirements
• Industry best practices
• User feedback and needs
16.2 Notification of Changes
When we make changes:
• The "Last Updated" date at the top of this policy will be revised
• Changes take effect immediately upon posting to our website
• For material changes that significantly affect your rights or how we
use your information, we will provide prominent notice via:
- Email to your registered email address
- Prominent banner notification on our website
- Notice upon your next login to the Services
• Continued use of our Services after changes are posted constitutes
your acceptance of the updated Privacy Policy
16.3 Material Changes
Examples of material changes include:
• Significant changes in how we use your personal information
• New categories of information collected
• Changes in information sharing practices
• Implementation of new technologies that affect privacy
• Changes to your rights or how to exercise them
• Implementation of background check procedures
16.4 Review Regularly
We encourage you to review this Privacy Policy periodically to stay
informed about how we protect your information and what rights you have.
16.5 Version History
You may request previous versions of this Privacy Policy by contacting us
17. CONTACT INFORMATION
If you have questions, concerns, or requests regarding this Privacy Policy
or our privacy practices, please contact us:
Grab Bar Installers Association of America LLC
Email: [email protected]
Subject Line: "Privacy Inquiry"
Mailing Address:
7901 4th St N, Ste 300
St. Petersburg, FL 33702
We will respond to your inquiry within a reasonable timeframe, typically
within 5-10 business days for general inquiries and within the timeframes
specified in Section 12 for privacy rights requests.
For urgent privacy or security concerns, please indicate "URGENT" in your
subject line.
18. GOVERNING LAW AND DISPUTE RESOLUTION
18.1 Governing Law
This Privacy Policy and any disputes related to privacy matters are
governed by the laws of the State of Florida and applicable federal laws
of the United States, without regard to conflict of law principles.
18.2 Jurisdiction
By using our Services, you consent to the exclusive jurisdiction of the
state and federal courts located in Pinellas County, Florida for any
disputes arising from or related to this Privacy Policy.
18.3 Severability
If any provision of this Privacy Policy is found to be invalid or
unenforceable, the remaining provisions will continue in full force and
effect.
18.4 No Waiver
Our failure to enforce any provision of this Privacy Policy does not
constitute a waiver of that provision or any other provision.
19. ENTIRE AGREEMENT
This Privacy Policy, together with our Terms of Service and any other
legal notices or agreements published on our Services, constitutes the
entire agreement between you and GBIAA regarding the collection, use, and
disclosure of your personal information.
---
ACKNOWLEDGMENT
By using our Services, you acknowledge that you have read, understood, and
agree to be bound by this Privacy Policy. If you do not agree, please do
not use our Services.
Last Updated: January 8, 2025
Version: 1.0
---
For questions about this Privacy Policy, contact: [email protected]