LAST REVISED: July 1, 2013
This Policy is the sole authorized statement of Scherzer International Corporation’s practices with respect to its online and offline collection of personally identifiable information and the usage of such information. Any summaries of this Policy generated by third-party software or otherwise (for example, in connection with the “Platform for Privacy Preferences” or “P3P”) shall have no legal effect, are in no way binding upon Scherzer International Corporation, shall not be relied upon in substitute for this Policy, and neither supersede nor modify this Policy.
This Policy applies to both our online and offline information-gathering and dissemination practices in the United States, where we operate exclusively. If we have a need to obtain information from sources outside the United States, we access the sources from within the United States, or contract with trusted independent third-parties to obtain the information.
SI reviews its privacy practices on a regular basis and those practices are subject to change. We ask that you periodically review this page to ensure continuing familiarity with the most current version of the Policy. You can determine when this Policy was last revised by checking the “Last Revised” legend at the top of the Policy. To contact SI about privacy issues, to report a violation of the Policy or to raise any other issue, e-mail us at email@example.com.
COMPLIANCE WITH LAWS AND REGULATIONS
SI is a leading provider of comprehensive background reports. Our distinct portfolio includes scalable purpose-specific reports for business transaction due diligence, client acceptance or continuation, employment, corporate governance, and regulatory compliance (collectively, the “Search Services”). A complete description of the Search Services is posted on our website.
SI, a California corporation, provides its Search Services nationally and internationally, and complies with all applicable privacy laws, rules and regulations. Such laws include, but are not limited to, the Gramm-Leach-Bliley Act (P.L. 106-102) (15 U.S.C. §6801 et seq.), the Fair Credit Reporting Act (15 U.S.C. §1681 et seq.), the Health Insurance Portability and Accountability Act of 1996 (42 U.S.C. §1320d), the fair information principles published by the United States Federal Trade Commission, and The Data Protection Act 1998 and Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and applicable regulations and any applicable secondary legislation, regulations, and orders.
When the foregoing or other laws and regulations require that we observe privacy restrictions beyond those specifically stated in this Policy, we undertake our activities in conformance with their requirements and, if the privacy restrictions conflict in any way with these provisions, we abide by the stricter requirements of the relevant laws, rules and regulations.
Each client retains SI’s services pursuant to specific contractual areements, which require, among other terms, that SI maintain all personally identifiable information (“PII”) as confidential. This includes not reselling the information or using the information for any other purpose.
PREPARATION AND PROCESSING OF CONSUMER REPORTS AND INVESTIGATIVE CONSUMER REPORTS
SI performs its Search Services that constitute consumer reports and investigative consumer reports in accordance with the Fair Credit Reporting Act (the “FCRA”) and analogous state consumer reporting laws, rules, regulations, codes and statutes. In connection with these reports, under the FCRA, SI is defined as a consumer reporting agency (“CRA”). In California, SI is considered an Investigative Consumer Reporting Agency (“ICRA”) and has obligations under the California Investigative Consumer Reporting Agencies Act (the “ICRAA”), which is broader in scope than the federal FCRA. SI maintains policies and procedures designed to limit the purposes for, and circumstances under which, it furnishes such reports. [The FCRA § 607(a) provides that "... every consumer reporting agency shall maintain reasonable procedures designed to avoid violations of section 605 § 1681c and to limit the furnishing of consumer reports to the purposes listed under section 604 § 1681b of this title. These procedures shall require that prospective users of the information identify themselves, certify the purposes for which the information is sought, and certify that the information will be used for no other purpose. Every consumer reporting agency shall make a reasonable effort to verify the identity of a new prospective user and the uses certified by such prospective user prior to furnishing such user a consumer report. No consumer reporting agency may furnish a consumer report to any person if it has reasonable grounds for believing that the consumer report will not be used for a purpose listed in section 604."]
SI follows reasonable procedures to ensure maximum possible accuracy of the information regarding the subject (consumer) of the report, and conducts reinvestigations of disputed information at the consumer’s request. SI provides consumers with means to request, upon proper identification, access to information that we have collected about them. Any consumer may exercise his/her right to inspect any data about him/her, and to object to any data pursuant to the FCRA and applicable state law.
If you wish to dispute information that SI provided in a consumer report, obtain a copy of the report, or view your file, please contact Carole Scherzer by phone at 800-239-5338, via e-mail at firstname.lastname@example.org, or by postal mail at: Scherzer International, 6351 Owensmouth Ave., Suite 213, Woodland Hills, CA 91365.
Below is a summary of your rights under California Civil Code §1786.22 in a) English followed by its b) Spanish translation.
a) You have a right to visually inspect during normal business hours and upon a reasonable notice to the ICRA, your file(s) and all information contained in your file(s) as provided under the California Civil Code. The ICRA is required to accommodate this inspection, as follows:
- In person, if you furnish proper identification. A copy of the file will also be available to you for a fee not to exceed the actual costs of copying.
- By certified mail, if you make a written request, with proper identification, for copies to be sent to a specified address. However, an ICRA complying with a request for such a mailing will not be liable for disclosures to third-parties caused by mishandling of the mail after it leaves its premises.
- By telephone, if you have made a written request, with proper identification for telephone disclosure.
“Proper identification” includes documents such as a valid driver’s license, Social Security card/number, military identification card, and credit cards. Only if you cannot identify yourself with such information may the ICRA require additional information concerning your employment and personal or family history in order to verify your identity.
The ICRA will provide trained personnel to explain any information furnished to you pursuant to §1786.10. The ICRA also will provide a written explanation of any coded information contained in your file. This written explanation will be distributed whenever a file is provided to you for visual inspection.
You may be accompanied by one other person of your choice when you come to inspect you file. This person must furnish reasonable identification. The ICRA may require you to furnish a written statement granting permission to the ICRA to discuss your file in your companion’s presence.
b) Usted tiene derecho a inspeccionar visualmente durante horas laborales normales según aviso razonable a la Agencia de informes de investigación del consumidor (“ICRA”), sus archivos y toda la información contenida en sus archivos como se prevé en el Código Civil de California. El ICRA esta obligado a complacer esta inspección, como sigue:
- En persona, si usted presenta la identificación adecuada. Una copia del archivo estará disponible a usted por una cantidad que no debe exceder los costos reales de copiar.
- Por correo certificado, si hace una solicitud por escrito, con la identificación adecuada, de copias ser enviadas a una dirección especificada. Sin embargo, una ICRA cumpliendo con una solicitud por escrita, no será responsable por la revelación a terceros causados por mal uso del correo después de salir de sus establecimientos.
- Por teléfono, si usted ha hecho una solicitud por escrito, con identificación adecuada para revelación telefónica.
“Adecuada Identificación” incluye documentos como licencia de conducir vigente, número de la tarjeta de Seguridad Social, tarjeta de identificación militar y tarjetas de crédito. Sólo si no puede identificarse con esa información el ICRA puede pedir información adicional sobre su empleo y antecedentes personales o familiares con el fin de verificar su identidad.
El ICRA proporcionará personal capacitados para explicar cualquier información proporcionada a usted en virtud de la §1786.10. El ICRA también proporcionará una explicación por escrito de cualquier información codificada contenida en el archivo. Esta explicación se distribuirá cuando se proporciona un archivo para inspección visual.
Usted puede ser acompañado por otra persona de su elección cuando usted viene a inspeccionar su archivo. Esta persona debe presentar identificación razonable. El ICRA puede requerir un permiso de concesión de declaración escrita a la ICRA para discutir su archivo en la presencia de su acompañante.
FACT ACT DISCLOSURE
The FACT Act of 2003 that amended the FCRA allows a consumer to obtain a free copy of his/her consumer file from certain consumer reporting agencies once during a 12-month period. The free annual file disclosure under FCRA § 609(g) is defined as: “…all of the information on [you] recorded and retained by a consumer reporting agency regardless of how the information is stored, at the time of [your] request” and is provided pursuant to the Free Annual File Disclosure Rule, 16 C.F.R. Part 610, as follows:
- Once in a twelve-month period from national specialty consumer reporting agencies.
- Within 60 days of receiving an adverse action notification.
- Upon providing written certification that the consumer is unemployed and intends to apply for employment within 60 days.
- Upon providing written certification that the consumer is a recipient of public welfare assistance.
- Upon providing written certification that the consumer has reason to believe that the file contains inaccurate information due to fraud.
SI is not a nationwide consumer reporting agency or a nationwide specialty consumer reporting agency, as defined by §§ 603(p) and 603(w) of the FCRA, 15 U.S.C. 1681a(p) and (w), respectively. SI does not create or maintain databases on consumers.
Even if none of the above situations apply, if we prepared a report on you, and you would like to obtain a free copy of your consumer file, contact Carole Scherzer by phone at 800-239-5338, via e-mail at email@example.com, or by postal mail at: Scherzer International, 6351 Owensmouth Ave., Suite 213, Woodland Hills, CA 91365. As indicated above, in order to protect your personal information, we require that you provide certain identification before we release any information.
PERSONAL INFORMATION DISCLOSURE: UNITED STATES OR OVERSEAS
SI is a United States company with no foreign offices or “offshoring” operations. SI prepares its reports based on information available in the United States; even if a foreign element is involved, SI will attempt to obtain the information through domestic means and sources. In instances that necessitate an in-country verification or research, SI obtains the information directly from the source or, if applicable, through research by a member of our established network of carefully-vetted subcontractors. Documentation or information such as passport numbers and dates of birth are not sent to anyone overseas other than the actual verification provider (e.g. school registrar) whenever possible. As indicated in this Policy, SI complies with the U.S.-EU Safe Harbor and the U.S.-Swiss Safe Harbor frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union (“EU”) member countries and Switzerland, and requires its foreign subcontractors to sign contracts affirming that they will perform SI’s assignments in accordance with these privacy frameworks and applicable laws and regulations. For non-member countries, also pursuant to contractual agreements, we require that our subcontractors maintain adequate safeguards with respect to the protection of data privacy and the corresponding rights of individuals.
SAFE HARBOR PROVISIONS
SI complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union (“EU”) member countries and Switzerland. SI has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view SI’s certification, visit http://www.export.gov/safeharbor/
SI fulfills its obligations under these principles, as follows:
Since many of SI’s Search Services for which data may be collected, used, and/or retained from the EU member countries and Switzerland require explicit authorization from the subject under the FCRA, or in accordance with SI’s internal policy obligations, we provide relevant notices (which, among other provisions, state the purpose for the collection of information and its use), either directly to the subject or indirectly through our clients.
Our clients, who contractually agree to abide by all laws and regulations in connection with our Search Services, accordingly may furnish the applicable notice(s) to the subject. These notices also contain instructions for disputing inaccurate information, and contacting SI in connection with same.
In connection with our Search Services that are not governed by the FCRA, we also require an authorization from the subject, as applicable, and follow notice considerations similar to the ones noted above.
As noted above, in many cases, our affected Search Services are governed by the FCRA and require an explicit authorization of the subject for their procurement. Therefore, a consumer opt-out determinate is the subject’s refusal to provide such authorization to SI to obtain information for a report.
In other cases, as applicable, we also require an authorization from the subject, and follow the foregoing opt-out consideration.
3) Onward Transfer
When SI contracts with a third-party in connection with its Search Services and the transfer of personally identifiable information is involved, SI requires these third-parties (all of whom have been vetted by SI) to certify to SI that the said third-party subscribes to the Safe Harbor principles, or that the third-party is subject to the European Union’s Directive on Data Protection or another adequacy finding that complies with the directive and Safe Harbor requirements. SI verifies their representations, as applicable.
SI also requires its affected clients to, at a minimum, provide the same level of privacy protection as is mandated by the Directive and Safe Harbor.
We take all reasonable administrative, technical, physical and managerial procedures to protect personally identifiable information from loss, misuse and unauthorized access, disclosure, alteration and destruction. Any personal data transmitted to or from us is protected by a secure socket layer (SSL) key which encrypts the transmitted data. We maintain strong privacy and data security policies and practices, including password controls based on length, complexity, and unpredictability.
The information we collect is stored on a secure server network, protected by firewalls and other security measures. The security of our servers is state-of-the art, and has passed audits by third-parties, as have all of our applicable security procedures.
5) Data Integrity
The only information collected, used, and/or retained from the EU member countries and Switzerland is data that is necessary for the purposes of performing SI Search Services. SI takes reasonable steps to ensure that the data is relevant, reliable, accurate, complete, and current, which is also a practice consistent with the requirements of Section 613 of the FCRA.
“Sensitive information,” which for purposes of the Safe Harbor principles is specified as data regarding health conditions, racial or ethnic status, political opinions, religious or philosophical beliefs, trade union membership, or sexual orientation and activity, is not collected, used, and/or retained from the EU member countries and Switzerland.
As indicated herein, most of SI’s Search Services for which data may be collected, used, and/or retained from the EU member countries and Switzerland, are governed by the FCRA. Accordingly, SI follows its requirements, including providing to the subject a disclosure of the file contents that we maintain about him/her, if any, and reinvestigating disputed information.
Under certain circumstances, a consumer is entitled to a free copy of his/her report, and under all circumstances, to a copy of his/her report under the terms of the FCRA.
In the rare instances that FCRA rights of access, dispute, and correction do not apply, we provide a mechanism for consumers to correct, amend, or delete their personal information where it is inaccurate, except in cases where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question; where the rights of persons other than the individual would be violated, or with respect to consumer requests for the correction or deletion of information, in cases where SI is otherwise legally required to retain the personal information. See our Policy contact information to contact us in such situations.
SI reserves the right to undertake reasonable efforts to confirm the identity of anyone requesting its data.
Although we make every effort to ensure that the data we collect and store is as accurate as possible, we cannot guarantee that the information transferred from third-parties is accurate, and, therefore, we are not responsible for the data.
SI internally monitors and assesses its compliance with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from the EU member countries and Switzerland. SI has selected the American Arbitration Association as its unbiased mechanism in the event that a complaint about our compliance with these provisions cannot be resolved by working directly with the affected consumer.
INFORMATION WE COLLECT
SI collects personally identifiable information (that is, information from which an individual can be identified, such as full name, e-mail address, physical address, Social Security number, and other data) that both individuals and entities choose to provide to us, only as permitted by law and necessary to perform our Search Services.
We collect some of this data through our password protected client-access only site. All such transactions are strictly between SI and its registered clients, whose legitimate need for the information and permissible purpose has been verified pursuant to section 607(a) of the FCRA, or for other purposes, as applicable.
We also collect information from our clients and others in the course of the Search Services that we provide, and by conducting research using the Internet and other resources.
We do not knowingly collect personally identifiable information from children (that is, minors younger than 18 years of age).
USE AND DISCLOSURE OF INFORMATION WE COLLECT
We only use the information that we collect for the purposes for which it is provided and to enhance our Search Services. The following describes the specific ways in which we may use personally identifiable data and other information. These descriptions are examples, and should not be considered as a complete list of the ways in which we may use or disclose information that we have collected.
1) Performance of Search Services
We use information that has been provided to us by the client and/or we have collected concerning entities and individuals, pursuant to their authorizations, if applicable, to research or check their representations on applications/resumes and in other contexts relevant to the particular Search Services. Our collection process includes obtaining information from public or contracted (licensed) databases, court records, and other sources, as permitted by law.
We retain vetted independent contractors or other third-parties to obtain certain information for the client-requested Search Services, all of whom are contractually bound or have otherwise certified to us that they will protect all PII and use it only for the purpose for which the information was collected.
2) Client Data
We collect information regarding our clients, including business contact information, and retain and use such information in providing our Search Services, or to periodically send informational or promotional e-mails concerning our Search Services. We do not sell the information to third-parties.
3) Other Uses of Information
SI does not actively solicit PII. Our Site options allow visitors to send us comments, resumes, and other communications. We may keep a record of your contact information and correspondence, and use any information in your message to respond to your inquiry. We keep all PII you voluntarily provide as confidential.
We work with third-parties which provide services that may include, but are not limited to, assessment including validation services, data analysis, and other administrative, back-up and security services. We reserve the right to share personally identifiable and other information with such third-parties for the purpose of providing their services to us.
Our software development partners also may use such information for purposes of modifying, improving, refining and validating of technology in connection with the research and development of our systems.
For compliance and emergencies, and subject to applicable laws, we reserve the right to use and release any information that we have collected when we believe in good faith that the law requires it, that unlawful activity may have taken place, to enforce our other policies or published guidelines, to protect the rights, property, safety or security of SI, our visitors or the public, or to respond to an emergency.
USE OF DATA BY CLIENTS AND OTHERS
We cannot and do not assume any responsibility for the actions or omissions of third-parties, such as clients, service providers or strategic partners, including the manner in which they use information received either from SI or from other independent sources.
The Site may contain links to other Internet websites. Unless expressly stated otherwise, we are not responsible for the privacy practices or the content of these websites, including these sites’ use of any information collected through cookies or other technologies when visitors to our Site click through links to those sites.
You should review the privacy policies associated with these other sites to understand how their operators collect and use information. THIS POLICY DOES NOT ADDRESS THE PRIVACY OR INFORMATION PRACTICES OF ANY THIRD-PARTIES.
SI monitors visitor traffic patterns throughout the Site by logging tracking data, which is collected automatically from each Site visitor. Tracking data may include information such as the IP address of the visitor’s computer, its browser type and operating system, the referring site, which pages of the Site were visited, the order in which they were visited and which hyperlinks were “clicked.” SI uses tracking data and other non-personally identifiable information in aggregate form to perform statistical analyses of the collective characteristics and behavior of our visitors, and by measuring demographics and interests regarding specific areas of the Site.
We do not use “cookies” (i.e., small text files placed on a visitor’s computer hard drive) or other technologies on the Site to determine personally identifiable information.
CERTAIN SENSITIVE DATA
“Sensitive data,” which for purposes of our Search Services and Safe Harbor principles is specified as data regarding health conditions, racial or ethnic status, political opinions, religious or philosophical beliefs, trade union membership, or sexual orientation and activity, is not collected, used, and/or retained by SI.
CERTAIN PUBLIC RECORDS
From time to time, we encounter various forms of certain public records which may or may not be relevant to the searches we perform. For example, while searching for court records, we may discover that records have been sealed or expunged, or we may be afforded access to these records, or we may encounter divorce, custody or juvenile records. We treat this information on a case-by-case basis. Absent a specific request from a client, it is our general policy not to include these records in our reports because they are either irrelevant to the purpose of our report or ambiguous as to a personal involvement, fault or culpability. If a client requests the information, then we will deliver it, if we are legally permitted to do so.
SI may occasionally implement special features on the Site and additional privacy information may be posted. That privacy information, to the extent it conflicts with this Policy, will govern that particular feature.
SECURITY AND DISPOSAL OF INFORMATION
We take all reasonable administrative, technical, physical and managerial procedures to protect personally identifiable information from loss, misuse and unauthorized access, disclosure, alteration and destruction. Any personal data transmitted to or from our website is protected by a secure socket layer (SSL) key which encrypts the transmitted data. We maintain strong privacy and data security policies and practices, including password controls based on length, complexity, and unpredictability.
The information we collect is stored on a secure server network, protected by firewalls and other security measures. The security of our servers is state-of-the-art and has passed audits by third parties, as have all of our applicable security procedures.
All employees who have access to PII provided to or collected by SI have signed privacy agreements and are regularly trained in privacy practices and procedures. SI maintains a written information security policy in conformity with the Massachusetts requirements pursuant to 201 CMR 17.00 Standards for the Protection of Personal Information of Residents of the Commonwealth.
In the event that SI destroys any information provided by employers, their applicants, or third-parties during the course of its relevant Search Services, such destruction is accomplished in accordance with the approved document disposal rules formulated by the FTC. Any documents containing PII is deposited in secure containers for shredding and disposal by a reputable bonded commercial shredding company, among other obligations.
Information in connection with our Search Services is retained for a minimum of seven years.
DATA BREACH NOTIFICATION
In the event of a data breach, we will respond in accordance with the particular circumstances that trigger a notice requirement under the federal and state laws, taking into consideration that different and sometimes conflicting laws may apply to the same data security incident depending on factors such as the industry sector involved and the residency of the affected individuals. If we have an obligation under the GLBA, we will conduct a reasonable investigation to promptly determine the likelihood that the information has been or will be misused. If we determine that misuse has occurred or is reasonably possible, we will notify the affected consumer(s) as soon as possible. However, a consumer notice may be delayed if an appropriate law enforcement agency determines that notification will interfere with criminal investigation and provides to us a written request for the delay. We then will notify the consumers as soon as notification will no longer interfere with the investigation.
OUR CONTACT INFORMATION
1) For Policy Questions or to Obtain Copy of Policy
Please ontact us by e-mail at firstname.lastname@example.org or by postal mail at:
6351 Owensmouth Ave., Suite 213
Woodland Hills, CA 91367
Attn: Privacy Coordinator
2) To Dispute Information
If you are a consumer who wants to dispute the accuracy or completeness of information contained in a consumer report/investigative consumer report prepared by SI, please contact Carole Scherzer at 800-239-5338, via e-mail at email@example.com, or by postal mail at the address noted above, indicating which part(s) of the report you are contesting, the reasons you believe the information is incorrect or incomplete, and any other information you deem relevant to your dispute. We will promptly investigate your dispute and in most cases, advise you of the results within 30 days of receipt.
3) To Obtain a Free Copy of Your Consumer Report or Consumer File
If you know or believe that SI has prepared a consumer report on you, and you would like to receive a free copy of the report or your consumer file from SI, please also contact Carole Scherzer, using the contact options noted above.
In order for us to release any information, “proper identification” is required. ”Proper identification” includes documents such as a valid driver’s license, Social Security number, military identification card, and credit cards.