(614) 334-3300

info@bcicontrols.com

Privacy Policy

Effective Date: January 1, 2026

 

Privacy Statement

Building Control Integrators (“BCI,” “we,” “our,” “us”) is committed to protecting your privacy and securing sensitive information in compliance with NIST Cybersecurity Framework (CSF), NIST SP 800-171, CMMC Level 2, and applicable U.S. federal and Ohio state privacy laws. This Privacy Policy explains how we collect, use, and safeguard personal information from individuals who visit our website, use our services, or interact with us (“you”), and outlines your rights and choices regarding your data. This Privacy Policy applies to information collected through our website and general business interactions and does not replace or modify data protection obligations contained in client contracts, statements of work, or other binding agreements.

 

Information We Collect

You may browse our website without providing personal information. However, we may collect personal information when you:

Submit a contact form or request information.
Sign up for newsletters or alerts.
Apply for employment or engage with our services.
We also automatically collect technical data such as IP address, browser type, device identifiers, and usage patterns for security and analytics purposes.

 

Categories of Data We Handle:

Public Data: Information intended for public disclosure.

Restricted Data: Internal business information.
Controlled Data: Personally Identifiable Information (PII), Controlled Unclassified Information (CUI), and building automation system credentials.
How We Use Your Information

To respond to inquiries and provide requested services.

To maintain secure systems and comply with contractual and regulatory obligations.
To improve website functionality and user experience.
To fulfill legal requirements or protect BCI’s rights and property.

We do not sell personal information. We share data only with trusted service providers under strict confidentiality agreements and for legitimate business purposes. Service providers may include website hosting providers, security and monitoring vendors, analytics providers, professional service partners, and other vendors necessary to operate our business and website.

 

Data Retention

We retain personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law, contract, or security requirements. Retention periods may vary depending on the nature of the information and applicable legal or contractual obligations.

 

Data Protection Measures

BCI implements technical, administrative, and physical safeguards consistent with NIST CSF, NIST SP 800-171, and CMMC Level 2, including:

Encryption: All Restricted and Controlled data is encrypted at rest and in transit using FIPS-validated cryptographic algorithms.

Access Control: Role-based access and multi-factor authentication for sensitive systems.
Monitoring: Continuous monitoring and logging of data access.
Backup Security: Encrypted backups stored in secure, controlled-access facilities.
Incident Response: Breach notifications in compliance with Ohio Data Protection Act and federal law.

 

Cookies and Analytics

We use cookies and similar technologies to enhance site functionality and analyze usage. You may disable cookies in your browser settings, but some features may not function properly.

Cookies may be used for session management, authentication, site preferences, security controls, and analytics purposes. Cookies may be persistent or session‑based.

 

Your Privacy Rights

Under applicable U.S. and Ohio laws, you have the right to

Access, correct, or delete your personal information.
Request details about how your data is used.
Opt out of certain data processing activities.
To exercise these rights, contact us at dpo@bcicontrols.com.

We may take reasonable steps to verify your identity before responding to a request and may deny requests where permitted by applicable law.

 

Children’s Privacy

This website is not directed to children under the age of 13, and BCI does not knowingly collect personal information from children.

 

Security Commitment

We apply reasonable and appropriate security measures to protect against unauthorized access, alteration, or disclosure of your data. While we strive for robust protection, no system can guarantee absolute security.

 

Policy Updates

We may update this Privacy Policy periodically. The effective date will reflect the latest revision. Please review this page regularly for updates.

 

Contact Us

For questions about this Privacy Policy or our data practices, email dpo@bcicontrols.com

Scroll to Top