Last revised: May 25, 2018
This Policy is the sole authorized statement of Scherzer International Corporation’s practices with respect to its online and offline collection of personally identifiable information and the usage of such information. Any summary of this Policy generated by third-party software or otherwise (for example, in connection with the “Platform for Privacy Preferences” or “P3P”) shall have no legal effect, is in no way binding upon Scherzer International Corporation, shall not be relied upon in substitute for this Policy, and neither supersede nor modify this Policy.
This Policy applies to both our online and offline information-gathering and dissemination practices in the United States, where we operate exclusively. If we have a need to obtain information from sources outside the United States, we access the sources from within the United States, or contract with trusted independent third parties to obtain the information.
SI reviews its privacy practices on a regular basis and those practices are subject to change. We ask that you periodically review this page to ensure continuing familiarity with the most current version of the Policy. You can determine when this Policy was last revised by checking the “Last Revised” legend at the top. To contact SI about privacy issues, to report a violation of the Policy or to raise any other issue, email us at firstname.lastname@example.org.
Compliance with Laws and Regulations
SI is a leading provider of comprehensive background reports. Our distinct portfolio includes scalable purpose-specific reports for business transaction due diligence, client acceptance or continuation, employment, corporate governance, and regulatory compliance (collectively, the “Search Services”). A complete description of the Search Services is posted on our website.
SI provides its Search Services domestically and internationally, and complies in all material respects with applicable federal, state and local laws, regulations and orders and any amendments thereto, including, without limitation, and to the extent applicable, the Fair Credit Reporting Act (the “FCRA”) (15 U.S.C. § 1681 et seq.), the California Consumer Credit Reporting Agencies Act (California Civil Code § 1785), the Investigative Consumer Reporting Agencies Act (California Civil Code § 1786), the Gramm-Leach-Bliley Act (15 U.S.C. § 6801 et seq.), the Driver Protection Policy Act (18 U.S.C. § 2721 et seq.), the Health Insurance Portability and Accountability Act (42 U.S.C. § 1320d), the fair information practice principles published by the United States Federal Trade Commission, and Regulation 2016/679 of the European Parliament and of the Council the European Union, and the European Commission of April 27, 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, known as the General Data Protection Regulation (GDPR).
When the foregoing or other laws and regulations require that we observe privacy restrictions beyond those specifically stated in this Policy, we undertake our activities in conformance with their requirements and, if the privacy restrictions conflict in any way with these provisions, we abide by the stricter requirements of the relevant laws, rules and regulations.
Preparation and Processing of Consumer Reports and Investigative Consumer Reports
SI performs its Search Services that constitute consumer reports and investigative consumer reports in accordance with the Fair Credit Reporting Act (the “FCRA”) and analogous state and local laws. In connection with these reports, under the FCRA, SI is defined as a consumer reporting agency (“CRA”). In California, SI is considered an Investigative Consumer Reporting Agency (“ICRA”) and has obligations under the California Investigative Consumer Reporting Agencies Act (the “ICRAA”), which is broader in scope than the federal FCRA. SI maintains policies and procedures designed to limit the purposes for, and circumstances under which, it furnishes such reports. SI requires that prospective users of the information identify themselves, certify the purposes for which the report is sought, and that the information will be used for no other purpose. We make reasonable efforts to verify the identity of a new prospective user and the uses certified by such prospective user prior to furnishing a consumer report. We will not furnish a consumer report to any person if we have reasonable grounds for believing that the consumer report will not be used for a purpose listed in FCRA section 604. You can review the Consumer Financial Protection Bureau’s notice of legal obligations to users of consumer reports here.
SI follows reasonable procedures to ensure maximum possible accuracy of the information regarding the subject (consumer) of the report, and conducts reinvestigations of disputed information at the consumer’s request. SI provides consumers with means, upon proper identification, to request access to information that we have collected about them. Any consumer may exercise his/her right to inspect any data about him/her, and to dispute any information pursuant to the FCRA and applicable state law.
If you wish to dispute information that SI provided in a consumer report, obtain a copy of the report or view your file, please contact Carole Scherzer by phone at 800-239-5338, via email at email@example.com, or by postal mail at Scherzer International, 21650 Oxnard Street., Suite 300, Woodland Hills, CA 91367.
FACT Act Disclosure
The FACT Act of 2003 that amended the FCRA allows a consumer to obtain a free copy of his/her consumer file from certain consumer reporting agencies once during a 12-month period. The free annual file disclosure under FCRA § 609(g) is defined as: “. . . all of the information on [you] recorded and retained by a consumer reporting agency regardless of how the information is stored, at the time of [your] request” and is provided pursuant to the Free Annual File Disclosure Rule, 16 C.F.R. Part 610, as follows:
- Once in a 12-month period from national specialty consumer reporting agencies.
- Within 60 days of receiving an adverse action notification.
- Upon providing written certification that the consumer is unemployed and intends to apply for employment within 60 days.
- Upon providing written certification that the consumer is a recipient of public welfare assistance.
- Upon providing written certification that the consumer has reason to believe that the file contains inaccurate information due to fraud.
SI is not a nationwide consumer reporting agency or a nationwide specialty consumer reporting agency, as defined by §§ 603(p) and 603(w) of the FCRA, 15 U.S.C. 1681a(p) and (w), respectively. SI does not create or maintain commercial databases on consumers.
Even if none of the above situations apply, if we prepared a consumer report on you and you would like to obtain a free copy of your consumer file, contact Carole Scherzer by phone at 800-239-5338, via email at firstname.lastname@example.org, or by postal mail at: Scherzer International, 21650 Oxnard Street, Suite 300, Woodland Hills, CA 91367. As indicated above, in order to protect your personal information, we require that you provide certain identification before we release any information.
Personal Information Disclosure: United States or Overseas
SI is a United States company with no foreign offices or “offshoring” of operations. SI prepares its reports based on information available in the United States. Even if a foreign element is involved, SI will attempt to obtain the information through domestic means and sources. In instances that necessitate an in-country verification or research, SI obtains the information directly from the source or, if applicable, through research by a member of our established network of vetted subcontractors. Documentation or information such as passport numbers and dates of birth are not sent to anyone overseas other than the actual verification provider (e.g., school registrar) whenever possible. SI takes reasonable measures to ensure that its handling of personal data on an international basis is safe and secure, which includes requiring its subcontractors who conduct international searches to contractually agree that they will perform SI’s assignments in accordance with applicable laws and regulations, and maintain adequate safeguards with respect to the protection of data privacy and security and the corresponding rights of individuals.
GDPR and Personal Data Transfers from the European Union
The General Data Protection Regulation (GDPR), which became effective May 25, 2018, is designed to harmonize data privacy laws across the European Union (EU)/European Economic Area (EEA) in an effort to protect EEA individuals and empower them to control their personal data (defined as “any information relating to an identified or identifiable natural person” — an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location number, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person).
The GDPR applies to any company processing personal data in the EEA and to companies outside the EEA that are processing data of EEA residents, where the activities relate to the offering of goods or services. (Note: the EU is an economic and political union of 28 countries plus some of their territories. The EU countries are Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and United Kingdom (since the GDPR became effective before Brexit, when the UK will leave the EU, the UK has stated that it will comply with the GDPR). The territories following EU law are Aruba, Azores, Balearic Islands, Bonaire, Ceuta, Curacao, French Guiana, Gibraltar, Madeira, Martinique, Mayotte, Reunion, Saba, Sint Eustatius, Sint Maarten, Saint Barthélemy, Saint Helena, Saint Martin and Saint Pierre & Miquelon. Countries that are EEA members but not a part of the EU are Iceland, Liechtenstein, and Norway.))
As part of its risk management program, SI has performed a comprehensive assessment of GDPR’s requirements, and made the applicable technical, administrative and documentation changes to meet its compliance obligations. We have also posted a GDPR Notice on our website (see http://www.scherzer.com/gdpr-notice/) that provides an overview of rights regarding your personal data if you are an individual located in the EEA.
The GDPR also requires a reliable mechanism for personal data transfers from the EU to the US. To ensure that EEA data subjects benefit from the safeguards and protection of the GDPR, a privacy framework called the EU-US Privacy Shield (the “Privacy Shield”) was approved by the European Commission in July 2016 as being adequate to enable such data transfers.
SI complies with the Privacy Shield principles regarding the collection, use, and retention of personal information [of individuals located in the EU] transferred from the EU to the US, and accordingly, has certified its compliance to the U.S. Department of Commerce, which administers the program. To learn more about the Privacy Shield program and to view our certification, visit https://www.privacyshield.gov/.
Our Privacy Shield policy is posted on our website at http://www.scherzer.com/eu-us-privacy-shield-policy/.
For questions regarding the GDPR or the Privacy Shield, send an email to email@example.com.
Information We Collect
SI collects personally identifiable information (information from which an individual can be identified, such as full name, email address, physical address, Social Security number, and other data) that both individuals and entities choose to provide to us, only as permitted by law and necessary to perform our Search Services.
We collect some of this data through our password-protected, client-access-only site. All such transactions are strictly between SI and its registered clients, whose legitimate need for the information and permissible purpose has been verified pursuant to section 607(a) of the FCRA, or for other purposes, as applicable.
We also collect information from our clients and others in the course of the Search Services that we provide, and by conducting research using the Internet and other resources.
We do not knowingly collect personally identifiable information from children (minors younger than 18 years of age).
Use and Disclosure of Information
We only use the information that we collect for the purposes for which it is provided and to enhance our Search Services, as follows.
1. Performance of Search Services
We use information that has been provided to us by the client and/or we have collected concerning entities and individuals, pursuant to their authorizations, if applicable, to research or check their representations on applications / resumes and in other contexts relevant to the particular Search Services. Our collection process includes obtaining information from public or contracted (licensed) databases, court records, and other sources, as permitted by law.
We retain vetted independent contractors or other third parties to obtain certain information for the client-requested Search Services, all of whom are contractually bound or have otherwise certified to us, among other terms, that they will protect all PII and use it only for the purpose for which the information was collected.
2. Client Data
We collect information regarding our clients, including business contact information, and retain and use such information in providing our Search Services, or to periodically send informational or promotional e-mails concerning our Search Services. We do not sell the information to third parties.
3. Other Uses of Information
SI does not actively solicit PII. Our Site options allow visitors to send us comments, resumes and other communications. We may keep a record of your contact information and correspondence, and use any information in your message to respond to your inquiry. We keep all PII that you voluntarily provide as confidential.
Our software development partners also may use such information for purposes of modifying, improving, refining and validating technology in connection with the research and development of our systems.
For compliance and emergencies, and subject to applicable laws, we reserve the right to use and release any information that we have collected when we believe in good faith that: the law requires it; that unlawful activity may have taken place; to enforce our other policies or published guidelines; to protect the rights, property, safety or security of SI, our visitors or the public; or to respond to an emergency.
Use of Data by Clients and Others
We cannot and do not assume any responsibility for the actions or omissions of third parties, such as clients, service providers or strategic partners, including the manner in which they use information received either from SI or from other independent sources.
The Site may contain links to other Internet websites. Unless expressly stated otherwise, we are not responsible for the privacy practices or the content of these websites, including these sites’ use of any information collected through cookies or other technologies when visitors to our Site click through links to those sites.
You should review the privacy policies associated with these other sites to understand how their operators collect and use information. THIS POLICY DOES NOT ADDRESS THE PRIVACY OR INFORMATION PRACTICES OF ANY THIRD PARTIES.
SI monitors visitor traffic patterns throughout the Site by logging tracking data, which is collected automatically from each Site visitor. Tracking data may include information such as the IP address of the visitor’s computer, its browser type and operating system, the referring site, and which pages of the Site were visited, the order in which they were visited and which hyperlinks were clicked. SI uses tracking data and other non-personally identifiable information in aggregate form to perform statistical analyses of the collective characteristics and behavior of our visitors, and to measure demographics and interests regarding specific areas of the Site.
We do not use “cookies” (small text files placed on a visitor’s computer hard drive) or other technologies on the Site to determine personally identifiable information.
“Sensitive data,” for the purposes of our Search Services is defined as data regarding health conditions, racial or ethnic status, political opinions, religious or philosophical beliefs, trade union membership, or sexual orientation and activity, and is generally not collected, used and/or retained by SI.
Certain Public Records
From time to time, we encounter various forms of certain public records that may or may not be relevant to the searches we perform. For example, while searching for court records, we may find divorce, custody, or probate records. We treat this information on a case-by-case basis. Absent a specific request from a client, it is our general policy not to include these records in our reports because they are either irrelevant to the purpose of our report or ambiguous as to a personal involvement, fault or culpability. If a client requests the information, then we will deliver it, if we are legally permitted to do so.
SI may occasionally implement special features on the Site and additional privacy information may be posted. That privacy information, to the extent it conflicts with this Policy, will govern that particular feature.
Security and Disposal of Information
We take all reasonable administrative, technical, physical and managerial procedures to protect personally identifiable information from loss, misuse, unauthorized access, disclosure, alteration and destruction. Any personal data transmitted to or from our website is protected by a secure socket layer (SSL) key which encrypts the transmitted data. We maintain strong privacy and data security policies and practices, including password controls based on length, complexity and unpredictability.
The information we collect is stored on a secure server network, protected by firewalls and other security measures. The security of our servers is state-of-the-art and has passed audits by third parties, as have all of our applicable security procedures.
All SI employees have signed information privacy, confidentiality, and security agreements, among other agreements, and are regularly trained in related practices and procedures. SI has a comprehensive risk management program, which is overseen by our Audit and Ethics Committee appointed by the board of directors.
In the event that SI destroys any documents containing PII during the course of its relevant Search Services, such destruction is accomplished in accordance with the approved document disposal rules formulated by the FTC. Any documents containing PII are deposited in secure containers for shredding and disposal by a vetted and bonded commercial shredding company. Unless legally required otherwise, it is SI’s policy to retain information in connection with our Search Services for a minimum of seven years.
Data Breach Notification
In the event of a data breach, we will respond in accordance with the particular circumstances that trigger a notice requirement under federal, state and international laws, taking into consideration that different and sometimes conflicting laws may apply to the same data security incident depending on factors such as the industry sector involved and the residency of the affected individuals. If we have an obligation under the GLBA, we will conduct a reasonable investigation to promptly determine the likelihood that the information has been or will be misused. If we determine that misuse has occurred or is reasonably possible, we will notify the affected consumer(s) as soon as possible. However, a consumer notice may be delayed if an appropriate law enforcement agency determines that notification will interfere with criminal investigation and provides to us a written request for the delay. We then will notify the consumers as soon as notification will no longer interfere with the investigation.
Our Contact Information
1. For Policy Questions or to Obtain Copy of Policy
Please contact us by email at firstname.lastname@example.org or by postal mail at:
Attn: Privacy Coordinator
21650 Oxnard Street, Suite 300
Woodland Hills, CA 91367
2. To Dispute Information
If you are a consumer who wants to dispute the accuracy or completeness of information contained in a consumer report/investigative consumer report prepared by SI, please contact Carole Scherzer at 800-239-5338, via email at email@example.com, or by postal mail at the address noted here, indicating which part(s) of the report you are contesting, the reasons you believe the information is incorrect or incomplete, and any other information you deem relevant to your dispute. We will promptly investigate your dispute and advise you of the results within 30 days of receipt.
3. To Obtain a Free Copy of Your Consumer Report or Consumer File
If you know or believe that SI has prepared a consumer report on you, and you would like to receive a free copy of the report or your consumer file from SI, please also contact Carole Scherzer, at 800-239-5338,via email at firstname.lastname@example.org or by postal mail at Scherzer International, 21650 Oxnard Street, Suite 300, Woodland Hills, CA 91367.
In order for us to release any information, “proper identification” is required. Proper identification includes documents such as a valid driver’s license, Social Security number, military identification card and credit cards.