1) Information we collect

A) You give us directly

• Contact & professional info: name, role/title, organization, email, phone, city/county, project status.

• Promotion entries: mission statements, stories (de‑identified), site/jurisdiction details, capacity goals, attachments you upload (no resident images or identifiers).

• Referrals: if you list a referrer or refer others, you provide their name and contact details. You confirm you’re authorized to share this information.

• Preferences & consents: email/SMS opt‑ins, cookie choices, survey answers.

B) Collected automatically

• Technical data: IP address, device/browser, pages viewed, referring/exit pages, timestamps.

• Cookies & similar tech: essential cookies for security and form submissions; optional analytics; no cross‑context behavioral advertising cookies. You can manage non‑essential cookies via our banner or your browser settings. We honor GPC/opt‑out signals where required.

C) Sensitive categories we avoid

• Consumer Health Data (WA): We do not intend to collect “consumer health data” as defined by Washington’s My Health My Data Act (e.g., data that identifies a person’s physical/mental health status). If we ever needed to collect such data, we would first post a Consumer Health Data Privacy Policy on our homepage and obtain required consent(s). For promotions, do not include resident names or medical details.

• Biometric identifiers: We do not enroll or use biometric identifiers for a commercial purpose.

• Children’s data: Our site and promotions are not directed to children under 13, and we don’t knowingly collect children’s information. (See COPPA references.)

2) How we use information

• Operate the site and services (including troubleshooting, security, analytics).

• Administer promotions (verify eligibility, judge entries, select/notify winners, publish non‑identifying winner lists).

• Provide support & communicate (respond to inquiries; send transactional emails/SMS such as status updates).

• Marketing (optional) — send design resources, event notices, and service updates where you’ve opted in (email/SMS). You can unsubscribe at any time.

• Legal, safety & compliance (records of consent, preventing fraud/abuse, complying with laws, enforcing rules).

Legal bases for EEA/UK visitors (if applicable): consent (e.g., for marketing/cookies); contract performance (running a promotion you entered); legitimate interests (security, service improvement); legal obligation (recordkeeping, tax).

3) How we share information

We share personal information only as described below:

• Service providers (“processors”) that host our site/forms, analytics, cloud storage, email/SMS delivery, and security. They must use your data only to provide services to us and protect it appropriately.

• Judges and advisors engaged to evaluate entries, bound by confidentiality.

• Promotion disclosures: as required by law or Official Rules (e.g., winner list), and limited publicity using non‑identifying story excerpts with your permission.

• Legal and safety: to comply with laws, respond to lawful requests, or protect rights, safety, and property.

• Business transfers: in a merger, acquisition, or similar event, your information may transfer subject to this Policy.

We do not sell personal information. We also do not “share” personal information for cross‑context behavioral advertising under California law; therefore we don’t display a “Do Not Sell or Share” link. If we ever start such practices, we will add the legally required links and notices.

4) Your choices & rights

A) Universal choices for all users

• Access / Correction / Deletion: Email us at [mike.g@arete‑architecture.design] to exercise your rights. We’ll verify your identity and respond within a reasonable time.

• Email marketing: Click unsubscribe in our emails. We honor opt‑outs promptly and within 10 business days (CAN‑SPAM).

• SMS texts: Reply STOP to end; HELP for help. We send promotional texts only with your express consent and follow current TCPA rules; consent is not a condition of purchase. (Note: the FCC’s “one‑to‑one consent” rule was vacated by the Eleventh Circuit and delayed by the FCC; we continue to honor prior express (written) consent requirements and will adjust if rules change.)

• Cookies & analytics: Use our cookie banner or browser settings to disable non‑essential cookies. We recognize GPC/opt‑out signals where required.

B) U.S. state privacy rights (summary)

Residents of certain U.S. states (e.g., CA, CO, CT, OR, TX, UT, VA, and others) may have rights to know/access, correct, delete, and opt‑out of certain processing (sale, targeted advertising, profiling), and to appeal a denial. We provide a uniform process via [mike.g@arete-architecture.design]. We also recognize state‑specific universal opt‑out signals (e.g., Colorado).

California (CPRA). We provide a Notice at Collection on forms where required; we describe categories, purposes, retention, and disclosures. If we ever sell or “share” data for cross‑context advertising, we will provide the statutory opt‑out link and honor GPC signals.

Colorado (CPA). We honor Universal Opt‑Out Mechanisms designated by the Colorado AG and provide the rights listed by the statute/regulations.

Oregon (OCPA) & Texas (TDPSA). We follow respective consumer rights and opt‑out provisions; Oregon’s OCPA took effect July 1, 2024; Texas’s TDPSA took effect July 1, 2024 (with some provisions January 1, 2025).

How to submit a request: Email [mike.g@arete-architecture.design] with “Privacy Request” and your state of residence; we may ask for additional verification. Authorized agents may act with appropriate proof.

C) Washington‑specific notices

Consumer Health Data (RCW 19.373). We do not intentionally collect “consumer health data.” If you include health details in an entry, we will either delete or redact them and will not use them for any purpose beyond processing your request. If we ever intentionally collect such data, we will post a Consumer Health Data Privacy Policy on our homepage and obtain the required consent(s), including separate sharing/sale authorizations if applicable.

Biometric identifiers (RCW 19.375). We do not enroll biometric identifiers for commercial use. If that ever changes, we will provide notice and obtain consent as required by law.

5) Communications practices (Email & SMS)

Email (CAN‑SPAM & Washington CEMA). Marketing emails include our physical address and a clear unsubscribe link; we avoid deceptive headers/subjects and honor opt‑outs within 10 business days. Washington also prohibits misleading subject lines and certain routing practices.

Text messages (TCPA/FCC). We send promotional texts only with prior express consent collected by us (checkbox or clear sign‑up language). You can withdraw consent at any time by replying STOP. (The FCC’s 2023 “one‑to‑one consent” update is currently vacated and its effective date was postponed; we monitor changes and will comply with any future requirements.)

6) Referrals

If you list a referrer or refer others to a promotion, you represent that you have permission to share their contact details. We will use referral information only to administer the promotion and send an invitation; referred individuals can opt out of further communications at any time.

7) Data retention

We keep personal information only as long as needed for the purposes described or as required by law:

• Promotion entries and judging materials: up to 24 months from award announcement (unless you ask us to delete sooner, subject to legal holds).

• Winner records and tax documentation (if applicable): 7 years.

• Email/SMS marketing lists: until you unsubscribe or after 24 months of inactivity.

• Website analytics logs: typically 13 months (or shorter where required).

When we no longer need data, we delete or de‑identify it.

8) Security & breach notification

We use technical and organizational measures appropriate to the nature of the data (access controls, encryption in transit, least‑privilege administration, logging, and vendor due diligence). If a data breach occurs, we will notify affected Washington residents and regulators as required by law.

9) International visitors

Our systems are based in the United States. If you visit from outside the U.S., your information may be processed in the U.S. and other countries with different privacy laws. Where required, we rely on your consent, contractual necessity, or standard contractual clauses for cross‑border transfers.

10) Third‑party links and services

Our site may link to third‑party sites or include embedded content (e.g., map platforms, video hosts). We are not responsible for their privacy practices. Review their policies before interacting.

11) Changes to this Policy

We may update this Policy from time to time. Changes apply when posted with a new “Last updated” date. Material changes that affect how we use your personal information will be highlighted on the site and, where required, we will seek your consent.

12) How to contact us

Questions or requests? Email [mike.g@arete-architecture.design] or write to [Arete Architecture, PLLC — Attn: Privacy], 21806 2nd Ave W., Bothell, WA 98021.
You can also manage email preferences via the unsubscribe link, and SMS by replying STOP or HELP.

Notes & legal references (key sources)

• WA “My Health My Data Act,” RCW 19.373 (privacy policy and consent obligations for consumer health data).

• WA Biometric Identifiers (RCW 19.375) (notice/consent for biometric enrollment).

• CAN‑SPAM (FTC guidance) and WA CEMA (RCW 19.190) (commercial email rules; misleading subjects prohibited).

• TCPA/FCC texting rules (FCC postponement; Eleventh Circuit decision affecting “one‑to‑one consent”).

• CPRA/CCPA regulations (Notice at Collection; “sale/share”; GPC in §7025). Colorado CPA rules (Universal Opt‑Out Mechanism).

• WA Data Breach Notification (AG overview).

• COPPA (FTC resources; not directed to children under 13).

One‑page “Notice at Collection” (California add‑on)

Categories collected: identifiers (contact details), professional info (role/org), submission content (de‑identified stories), referral contact info, internet activity (analytics), general location (city/county).
Purposes: administer promotions, provide services, communicate, security/analytics, legal compliance.
Retention: see Section 7 above.
Selling/Sharing: We do not sell or share personal information for cross‑context behavioral advertising. If that changes, we will provide a “Do Not Sell or Share My Personal Information” link and honor GPC.
Your rights: access, delete, correct, opt‑out (where applicable). Submit to [mike.g@arete-architecture.design].