Legal
Privacy policy
Draft placeholder for navigation and transparency. Have qualified privacy counsel review and replace this text before you treat it as binding policy—especially if you expand collection, retention, or international processing.
Placeholder — not final legal language
The sections below describe the intended shape of our privacy practices based on the current marketing site and lead forms. They are not a substitute for advice from privacy counsel or for jurisdiction-specific obligations (for example state consumer privacy laws or GDPR where applicable).
When the quote form, contact flow, or backend processing change, update this document so it matches actual data activities, subprocessors, retention schedules, and legal bases.
Who this applies to
This policy describes how OnSite Employer Testing handles information submitted through this website’s quote request and contact experiences, and related technical processing. It is written for visitors who work for or represent employers and partners inquiring about workplace testing services.
Information we collect through forms
Quote request (/quote): When you complete the multi-step quote flow, we collect the fields you enter, including name, company name, email address, phone number, selected program types, approximate headcount range, location or service-area notes, timeline, and free-text notes about your needs.
Contact (/contact): When you use the general contact form, we collect first name, last name, email address, phone number, and your message.
We may also derive or attach operational metadata when a submission is processed—such as a reference identifier, submission timestamp, and subject line used for internal routing—so our team can match replies to the correct inquiry.
How we use this information
We use form submissions to:
- Respond to quote requests and contact messages
- Follow up about employer drug and alcohol testing programs you ask about
- Operate, secure, and troubleshoot the submission flow (for example validation and delivery errors)
We do not sell your personal information as a standalone commercial product. If that stance ever changes, this policy must be updated and any required notices or consent mechanisms added under applicable law.
Legal bases (for counsel to finalize)
Depending on your location and role, processing may be described as necessary to take steps at your request before a contract, based on legitimate interests in responding to business inquiries, or on another basis your counsel selects. This placeholder does not lock a single legal theory—your counsel should align wording with the jurisdictions where you market and employ staff.
Retention
Placeholder. Define retention with counsel and your email or records policy. Typical patterns to document include: how long inquiry emails remain in the primary mailbox, whether copies live in backups or archives, and when threads are deleted or anonymized after a sale closes or an inquiry goes cold. Replace this paragraph with specific periods or criteria once decided.
Subprocessors and service providers
Delivering form submissions relies on infrastructure and providers outside this site’s HTML. As implemented today:
- Email delivery: Submissions are sent to our team using SMTP through your configured organizational email provider (for example Microsoft 365, Google Workspace, or a host-provided mailbox). That provider processes message content, headers, and routing information under its own terms and security practices.
- Website hosting: The application runs on a hosting platform that processes HTTP requests, may log technical data (such as IP address and user agent for security or operations), and stores deployment configuration. Name the vendor and link to its DPA when counsel approves.
- CRM or ticketing: If you later copy leads into a CRM, help desk, or spreadsheet, list those tools here and describe what fields sync and why.
- Analytics: This marketing site does not currently load third-party marketing or analytics trackers in the application code. If you add tools (for example Google Analytics, Plausible, or ad pixels), disclose them, describe what they collect, and provide opt-out or consent flows as required.
- Bot or abuse protection: A verification widget (for example Cloudflare Turnstile) may be enabled in the future. If so, update this policy to name the vendor and describe any tokens, risk scores, or IP-related processing they perform on your behalf.
Cookies and similar technologies
Describe essential cookies, session storage, or consent-managed marketing cookies here once you inventory them. If you only use strictly necessary cookies for the form or hosting, say so; if you add optional cookies, map them to purposes and retention.
Access, correction, deletion, and complaints
Placeholder. Individuals may have rights to access, correct, delete, or restrict processing of their personal data, or to lodge a complaint with a supervisory authority, depending on applicable law. After counsel review, add a dedicated inbox or web process, expected response times, and any identity verification steps. Until then, you may direct privacy-related requests to the same contact channels published on this site (for example /contact or your business phone), understanding that those channels are not yet a formal data-subject request program.
Security
We use reasonable technical and organizational measures appropriate to the nature of the data—for example transport encryption for email where supported by your mail configuration, access controls on operational accounts, and validation of form input on the server. No method of transmission or storage is perfectly secure; counsel may wish to align this section with your security policies and incident response plan.
Children
This site is intended for employer and business inquiries, not for children. We do not knowingly collect personal information from children as defined by applicable law.
Changes
We will update this page when our practices or subprocessors change materially. Revise the last-updated date below whenever you publish a substantive edit (especially after counsel approval or backend changes).
Last updated (placeholder draft): March 29, 2026
