Last Updated: July 7, 2017

The EU-US Privacy Shield framework (the “Privacy Shield”) was designed by the U.S. Department of Commerce (the “DOC”) and the European Commission (the “EC”) to provide companies on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data [of any natural person who is located in the EU] from the EU to the US in support of transatlantic commerce. On July 12, 2016, the EC deemed the Privacy Shield adequate to enable data transfers under EU law (see the adequacy determination).

As provided herein, Scherzer International Corporation (“SI”) complies with the Privacy Shield principles regarding the collection, use, and retention of personal information transferred from the EU to the US, and has certified its compliance to the DOC accordingly. To learn more about the Privacy Shield program, and to view our certification, please visit

SI also complies, as applicable, with US laws, and particularly the Fair Credit Reporting Act (“FCRA”, 15 U.S.C. §§ 1681 et seq.) and its state counterparts, which provide privacy protection for consumer personal data in connection with consumer reports. In the event of a conflict between this Privacy Shield policy and the FCRA or other applicable laws, SI will comply with its obligations under the FCRA or other applicable US law.

SI hereby confirms its commitment to subject to the Privacy Shield principles all personal data received from the EU in reliance on the Privacy Shield.

  1. Notice

SI will include a link to this policy (or to our general privacy policy which includes a link therein to this policy) when individuals are first asked to provide personal information to SI or as soon thereafter as it is practicable, but in any event before SI discloses it for the first time to a third party. Disclosure is made only as necessary in connection with performing our Search Services. SI does not use personal information for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individual.

If any personal information in connection with our Search Services necessitates a transfer from the EU, we require the individual’s explicit, voluntary and unambiguous written consent, as provided in a disclosure/authorization form that is specific to the particular purpose of the background check (the “Consent”).

SI collects personal information in connection with its Search Services only as requested by its clients for business transaction due diligence, employment background screening, evaluation of accounting firm engagement acceptance/continuation, corporate governance, and regulatory compliance.  Examples of personal information collected include identification data, educational and professional licensing credentials, employment information, driving records, criminal records, sex offender registry records, civil litigation, tax lien, judgment, UCC and bankruptcy filings, credit history, officer affiliations, public company directorships, securities law violations, industry-specific regulatory and disciplinary actions, various global lists that identify high risk individuals/politically exposed persons and parties subject to economic sanction programs administered by the Office of Foreign Assets Control, parties excluded from federal procurement and non-procurement programs, and media sources information.

Accordingly, to perform our Search Services, which involve searching public records either manually or through contracted databases and the Internet, and contacting sources provided by the subject, we may disclose the personal information to our trusted agents, who, for example, may be conducting court record searches upon our direction; to an educational institution; professional licensing body; or other records keeper.

We are also required to disclose personal information in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements.

As provided under the Privacy Shield, in cases where SI discloses public records or publicly available information from the EU without combining that information with non-public information, its general policies regarding Notice, Choice, and Accountability (as noted below) for Onward Transfer may not apply.

  2. Choice

The individual is provided with a choice—no data is processed without the individual’s Consent. As noted above, we do not use personal information for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individual. Sensitive information, i.e., personal data specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, information specifying the sex life of the individual or information designated by the transferring organization as sensitive, is rarely processed, but in instances that may necessitate the processing of such information, SI will provide individuals the opportunity to affirmatively and explicitly opt-in through reasonable mechanisms.

  3. Accountability for Onward Transfer

When transferring personal data to a controller, defined as a person or organization which, alone or jointly with others, determines the purposes and means of the processing of personal data (the “Controller”) or to agents acting on our behalf who are typically retained by SI to perform a part of our Search Services, such as manually searching court records (the “Sub-Processors”), the Notice and Choice Principles apply. SI enters into contracts with such Controllers and Sub-Processors, as applicable, to ensure compliance with the Privacy Shield. For Controllers, the contract terms include provisions that (i) personal data may only be processed for limited and specified purposes consistent with the individual’s Consent; (ii) the Controller will provide at least the same level of protection as required by the [Privacy Shield] principles; (iii) the Controller will notify us if it makes a determination that it can no longer meet its obligations; and (iv) when such a determination is made, will cease processing or take other reasonable and appropriate remedial measures to cure the deficiency. In connection with a transfer of personal data to a Sub-Processor, the contract terms are materially similar to those of a Controller, with the additional provision that the Sub-Processor will take reasonable and appropriate steps to ensure that it effectively processes the personal information transferred in a manner consistent with SI’s obligations under the principles.

In the context of an onward transfer, SI has the responsibility for the processing of personal information it receives under the Privacy Shield and subsequently transfers to a Sub-Processor.  SI shall remain liable under the principles if its Sub-Processor processes such personal information in a manner inconsistent with the principles, unless SI proves that it is not responsible for the event giving rise to the damage.

  4. Security

SI has a formal risk management program, which includes reasonable administrative, technical, physical and managerial procedures and measures to protect personal data from loss, misuse, unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the processing of and the nature of the personal data.

  5. Data Integrity and Purpose Limitation

SI limits the personal data it collects to information that is relevant and necessary for the purposes of processing, and does not process personal data in a way that is incompatible with the purposes for which it has been collected or authorized by the subject. SI takes reasonable steps to ensure that personal data is reliable, accurate, complete, and current. SI will adhere to the Privacy Shield principles for as long as it retains the personal data transferred in reliance on the Privacy Shield.

SI takes reasonable and appropriate measures to retain personal data only for as long as there is a legitimate legal or business need, which may include those that reasonably serve compliance and legal considerations, auditing, security and fraud prevention, preserving or defending SI’s legal rights, or other purposes consistent with the expectations of a reasonable person given the context of the collection.

  6. Access

SI provides access to personal information to the individual about whom it has information, and will correct, amend, or delete that information where it is inaccurate, or has been processed in violation of the Privacy Shield principles, except where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated.

  7. Recourse, Enforcement and Liability

In compliance with the Privacy Shield principles, SI commits to resolve complaints about our collection or use of your personal information.  EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Joann Gold, Executive Vice President and Chief Compliance Officer at 818-227-2571 or via email at or by postal mail at Scherzer International, 21650 Oxnard Street, Suite 300, Woodland Hills, CA 91367.

SI has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive a timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please visit The services of JAMS are provided at no cost to you.

Under certain conditions, binding arbitration for complaints regarding SI’s Privacy Shield compliance not resolved by any of the other Privacy Shield mechanisms may be invoked.  For further information, visit

As noted in the onward transfer principle, in the context of such a transfer, SI has the responsibility for the processing of personal information it receives under the Privacy Shield and subsequently transfers to a Sub-Processor. SI shall remain liable under the principle if its Sub-Processor processes such personal information in a manner inconsistent with the principles, unless SI proves that it is not responsible for the event giving rise to the damage.

The Federal Trade Commission (the “FTC”) has jurisdiction over SI’s compliance with the Privacy Shield—SI is subject to its investigatory and enforcement powers. If SI should become subject to an FTC or court order based on non-compliance, SI shall make public any relevant Privacy Shield-related sections of any compliance or assessment report submitted to the FTC, to the extent consistent with confidentiality requirements.

As noted previously, SI has a formal risk management program, and shall monitor its compliance with this Privacy Shield policy internally.