Privacy Policy

PRIVACY POLICY & NOTICE AT COLLECTION

Business Path Solutions

Published Date: December 12, 2025

Effective Date: January 1, 2026

Last Updated: January 1, 2026

1. Introduction and Scope of Agency

Business Path Solutions (“BPS,” “we,” “us,” or “our“) recognizes that data privacy is a fundamental operational imperative. This Privacy Policy describes how we collect, use, disclose, and protect Personal Information in compliance with the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), the California Delete Act (SB 362), and other applicable state and federal laws.

1.1. Capacity as a “Business” vs. “Service Provider”

To ensure clarity under California law, BPS operates in two distinct capacities:

As a Business: When you visit our website, apply for employment with us, or engage with our marketing, we act as a “Business” and control your data. This Policy governs those interactions.
As a Service Provider: When we provide consulting services to our corporate clients, we often process data on their behalf (e.g., analyzing their customer datasets). In these instances, we act strictly as a “Service Provider” (or “Data Processor”). We process such data solely in accordance with our Master Services Agreement (MSA) and client instructions. We do not use Client Data for our own independent commercial purposes, nor do we Sell or Share it.

2. Information We Collect

We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“Personal Information“).

2.1 Categories of Personal Information Collected

In the preceding twelve (12) months, we have collected the following categories of Personal Information:

Category	Examples	Primary Source	Business Purpose
A. Identifiers	Real name, postal address, unique personal identifier (cookie ID), IP address, email address, account name.	Directly from you; Auto-collected via website.	Service delivery, account management, marketing, security.
B. Customer Records (Cal. Civ. Code § 1798.80(e))	Name, signature, telephone number, employment history, financial information (payment details).	Directly from you.	Billing, contract fulfillment, B2B relationship management.
C. Protected Classifications	Age, gender (only if voluntarily provided for specific HR or diversity consulting purposes).	Directly from you.	Legal compliance, diversity analytics.
D. Internet Activity	Browsing history, search history, interaction with our website, clickstream data.	Auto-collected (Cookies, Pixels).	Website optimization, analytics, targeted advertising (“Sharing”).
E. Professional Data	Employer, job title, business contact info, CV/Resume (for applicants).	Directly from you; LinkedIn; ZoomInfo.	B2B sales, recruitment, lead generation.
F. Sensitive Personal Information (SPI)	Social Security numbers (employees/1099s), account log-ins, precise geolocation.	Directly from you.	Payroll, tax compliance, fraud prevention.

2.2 Exclusions

Personal Information does not include:

Publicly available information from government records.
De-identified or aggregated consumer information.
Information excluded from the CCPA’s scope (e.g., HIPAA-covered health data, GLBA-covered financial data).

3. How We Use Your Information

We process Personal Information for the following legitimate business purposes:

Core Service Delivery: Providing consulting reports, strategic planning, and operational analysis.
Communications: Responding to inquiries and sending administrative notices.
Security & Fraud Prevention: Detecting security incidents and protecting against malicious activity.
Marketing & Advertising: delivering targeted content (subject to your right to Opt-Out of “Sharing”).
Automated Decision-Making (ADMT): Utilizing algorithms to screen job applicants or assess B2B credit risk (subject to the controls in Section 7).
AI Analysis: Using Generative AI tools to summarize meetings and draft internal documentation (subject to the transparency rules in Section 8).

4. Disclosure of Personal Information

4.1 No “Sale” of Data for Money

Business Path Solutions does not sell your Personal Information to third parties for monetary consideration. We explicitly disclaim status as a “Data Broker” under the California Delete Act (SB 362) because we maintain a direct relationship with all consumers whose data we collect, or we act strictly as a Service Provider to our clients.

4.2 “Sharing” for Cross-Context Behavioral Advertising

Under the CPRA, “Sharing” includes disclosing data to third parties (like Meta or Google) for cross-context behavioral advertising. We use tracking pixels that constitute “Sharing.” You have the absolute right to opt-out of this activity (see Section 6).

4.3 STRICT A2P 10DLC (SMS) NON-SHARING CLAUSE

Notwithstanding any other provision in this Policy: Personal Information collected for the purpose of our SMS/text messaging programs (A2P 10DLC), including mobile phone numbers and consumer consent data, will not be sold, rented, or shared with third parties or affiliates for their marketing purposes. This information is shared only with our telecommunications providers solely for the secure delivery of the messages.

4.4 Service Providers

We disclose Personal Information to trusted vendors (Service Providers) who process data on our behalf under strict contractual confidentiality obligations. These include:

Cloud Infrastructure (e.g., AWS, Azure).
CRM & Marketing Platforms (e.g., HubSpot, Salesforce).
Payment Processors (e.g., Stripe).

5. Data Retention

We retain Personal Information only for as long as reasonably necessary to fulfill the purposes for which it was collected:

Client/B2B Records: 7 years (for tax, legal, and audit defense).
Marketing Data: Until you opt-out or the data is deemed inactive (24 months).
Applicant Data: 4 years (unless hired).

6. Your California Privacy Rights (CCPA/CPRA)

If you are a California resident (including B2B contacts and employees), you possess the following rights:

6.1 Right to Know and Access

You may request that we disclose the categories and specific pieces of Personal Information we have collected, the sources, the business purposes, and the categories of third parties to whom it was disclosed.

6.2 Right to Delete

You may request that we delete your Personal Information, subject to statutory exceptions (e.g., completing a transaction, security, legal compliance). Note: As we are not a Data Broker, we do not participate in the DROP registry; you must submit deletion requests directly to us.

6.3 Right to Correct

You may request that we correct inaccurate Personal Information we maintain about you.

6.4 Right to Opt-Out of Sale/Sharing

You have the right to opt-out of the “Sharing” of your data for targeted advertising.

How to Exercise: Click the “Your Privacy Choices” link in our website footer or enable the Global Privacy Control (GPC) signal in your browser. We process GPC signals as valid opt-out requests in a frictionless manner.

6.5 Right to Limit Use of Sensitive Personal Information (SPI)

You may direct us to limit the use of your SPI to that which is necessary for providing our services.

Note on Minors: Effective 2026, data of consumers under 16 is classified as SPI. We do not knowingly collect data from individuals under 18.

6.6 Right to Non-Discrimination

We will not discriminate against you (e.g., by denying services or charging different rates) for exercising your privacy rights.

7. Automated Decision-Making Technology (ADMT)

Effective January 1, 2026, we comply with CPPA regulations regarding ADMT.

7.1 Pre-Use Notice

We may use ADMT in specific contexts, such as Employment Screening (analyzing resumes for keywords) or B2B Credit Assessment (analyzing financial history).

Logic Involved: Our systems use statistical modeling to match candidate qualifications with job descriptions or to predict creditworthiness based on historical payment data.

7.2 Your Rights regarding ADMT

If we use ADMT for a “Significant Decision” (as defined by regulation, e.g., denial of employment or credit):

Right to Access: You may request information about the logic and output of the ADMT.
Right to Appeal (Human Review): We provide a Human Appeal Exception rather than a blanket opt-out. If you are denied a service or opportunity based on ADMT, you may request a re-evaluation by a qualified human reviewer at BPS with the authority to overturn the decision. To file an appeal, contact privacy@businesspathsolutions.com.

8. Artificial Intelligence (AI) Transparency

8.1 AI Interactions

When you interact with our automated customer support tools (chatbots), we will clearly disclose that you are communicating with an Artificial Intelligence agent at the outset of the interaction.

8.2 AI-Generated Content

Any reports, code, or strategic documents generated primarily by AI will be watermarked or clearly labeled as “AI-Generated” to ensure transparency and provenance.

9. Security and Compliance Audits

We implement “Tier 1” technical and organizational safeguards, including encryption at rest and in transit, multi-factor authentication (MFA), and role-based access controls.

Pursuant to 2026 CPRA requirements, we conduct annual Cybersecurity Audits and Risk Assessments for all processing activities that present a significant risk to consumer privacy. We attest to the completion of these assessments to the California Privacy Protection Agency (CPPA) as required by law.

10. Exercising Your Rights

To submit a request:

Web Form: [Link to Interactive Privacy Portal]
Email: info@businesspathsolutions.com (Subject: “Privacy Request”)
Phone:

Verification: We will verify your identity by matching information you provide (e.g., email, order number) with our records. Authorized Agents must provide written permission signed by the consumer.

11. Contact Us