This policy outlines how personally identifiable information and other personal data will be collected, used, and shared in connection with access to and/or use of the the Crimcheck screening platform, public website, and any content, features, services, or other offerings that Crimcheck provides in connection with its services.
Notice to EU Individuals: this Privacy Statement and its enumerated policies are intended to comply with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the “General Data Protection Regulation” or “GDPR”) and provide appropriate protection and care with respect to the treatment of your user information in accordance with the GDPR.
- How do we collect information from you?
- What type of information is collected?
- Our public website – www.crimcheck.net
- Our private client/applicant service portal
- How is your information used?
- Who has access to your information?
- Your rights
- Additional Information for EU Citizens
- Additional Information for Canadian Users
The information that we collect about you depends on how you are using our website or services. Information about the differing collection types is detailed below. Crimcheck does not collect, process or transfer personal information for any purpose other than the legal purpose for which it was originally intended.
When you fill out a web-form to sign up to download a resource, or inquire about a product, we may ask you to provide certain personal information, including your:
- Email address
- Job title & the organization you work for
- Telephone number
By completing the form and ticking the relevant boxes you are providing your consent for Crimcheck to process this personal data, and this is the legal basis we are relying on to do so.
We will use the information that you give us to send you relevant emails containing Crimcheck news and marketing communications. Your information will be stored by a third party data processor; IBM Cloud, whose servers are located in the United States, you can read their privacy information here.
In addition, if you have inquired about a product or service we will use the information you have given us to update our customer relationship management system so one of our consultants or advisors can contact you. This information will also be stored by IBM Cloud.
Third-party cookies are placed by Facebook, and LinkedIn and more information about them can be found by consulting these third parties’ privacy policies, which you can access by clicking each third party’s name in this paragraph.
Note that Crimcheck will not provide any personally identifiable information to third parties for their own marketing purposes.
The private Crimcheck client portal is secured and only available to authorized client users. Crimcheck logs information about a user’s IP address, browser type and the current URL, and logs usage throughout the site for security purposes. These log files are stored in a secure location and used in our internal analysis of user logs within our system.
You may be asked for your personal information by a potential employer or business partner in order to facilitate background screening for the purpose of employment or due diligence. This personal information may be relayed or directly input by yourself to Crimcheck for collection as part of contracted services.
The personal information we collect might include, but is not limited to the following:
Name (First and Surname)
Mothers maiden name
Date of birth
Social Security Number/National Identification Identifiers
Criminal record information
All personal information collected is relevant and necessary for Crimcheck to perform our obligations thereon.
Any personal data categorized as ‘special data’ under the GDPR will require the data controller (typically an employer) to either have explicit consent from the individual with notice that processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment or business due diligence.
Onward Transfer (Transfer to Third Parties)
Crimcheck provides information about data subjects only to our clients and agents, such as third party subcontractors of Crimcheck who are contractually authorized to receive such information for limited and specified purposes only. Crimcheck ensures that any third party for which personal information may be disclosed subscribes to privacy principles consistent with United States law and European data protection directives or are subject to laws providing the same level of privacy protection and agree in writing to provide an adequate level of privacy protection.
We will use the information you give to us to:
Our Clients and Website Visitors
- To carry out our obligations arising from any contracts entered into between our clients and us and to provide you with the information, products and services that are requested from us.
- For the purposes for which you provided it;
- To create your account and enable you to use the Services;
- To verify your identity;
- To provide information about the features and functionality of the Services;
- For customer support and to respond to your inquiries;
- To respond to and fulfill your requests;
- To improve the Services;
- For internal record-keeping purposes and for legal purposes;
- To address fraud or safety concerns, or to investigate complaints or suspected fraud or wrongdoing; and
- To resolve disputes, to protect ourselves and other users, and to enforce any legal terms that govern your use of the Services.
If you are a prospective customer, you will only be marketed to, if you have explicitly agreed to it; Third-party services used in marketing to existing clients include Constant Contact and Unbounce. More information can be found by consulting these third parties’ privacy policies, which you can access by clicking each third party’s name in this paragraph.
Employee and Applicant Information
Crimcheck may collect information from employees and job applicants to perform background screening functions. Individuals will be informed of the purposes for which Crimcheck collects and uses the personal information.
Crimcheck will provide the Individual with the choice and means, if any, for limiting the use and disclosure of their personal information when required, in accordance with federal and state laws. Disclosures or notices will be provided in clear and conspicuous language when individuals are first asked to provide personal information to Crimcheck, or as soon as practicable thereafter, and in any event before Crimcheck uses or discloses the information for a purpose other than for which it was originally collected. Employee and/or applicant information will never be used for any purpose other than it was originally intended, will not be sold, and never be used for marketing purposes. It will only be shared with third parties when necessary and as needed for the completion of background check services.
Crimcheck may disclose personal information on consumers to third parties in connection with the business transaction and purpose for which it was collected. Third party disclosure of the personal information may include the requesting client company, institutions, employers, courts, law enforcement agencies, third party agents, and other persons, businesses or government agencies as necessary for Crimcheck to complete a background check services.
Crimcheck does not sell or market to the personal information of job applicants, employees or data report subjects.
We review our retention periods for personal information on a regular basis. We are legally required to hold some types of information to fulfil our statutory obligations. We will hold your personal information on our systems for as long as is necessary for the relevant activity, but not longer, or as long as is set out in any relevant contract held with us.
We will not sell or rent your information to third parties.
Third Party Service Providers working on our behalf:
We may pass your information to our third-party service providers, agents, sub-contractors and other associated organizations for the purposes of completing tasks and providing services to you or on your behalf (for example to process payments or provide a specific record check). However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes.
Please be assured that we will not release your information to third parties beyond the Crimcheck network for them to use for their own direct marketing purposes.
Information sources outside of the United States may be contacted, at the client’s request, in order verify information claimed by an applicant which took place outside of the United States. All personal information will be transmitted and stored in a secure manner in accordance with the terms of this Privacy Notice. In the case of international searches, personal information may be transferred to other countries, including countries that have inadequate privacy laws according to the European Commission or other data protection commissions and/or government authorities.
There are laws and regulations designed to protect PII in digital form. Examples of laws include the, the US Health Insurance Portability and Accountability Act (HIPAA), the Privacy Act in Australia, the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada, and the General Data Protection Directive in the European Union.
In addition to the company’s safeguards that meet these standards, personal data of EU citizens is protected by the General Data Protection Regulation (GDPR).
Crimcheck confirms that the data we hold about you will be processed lawfully and fairly. It will be kept securely to prevent unauthorized access by other people. If you have concerns about the processing of your personal data by Crimcheck, you may contact us at firstname.lastname@example.org. If you find any inaccuracies with the personal data we retain, we will delete or correct them promptly, if permitted by U.S. law.
You have the right to ask us not to process your personal data for marketing purposes. We will inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for marketing purposes. You can exercise your right to prevent such processing by checking the relevant boxes on the forms we use to collect your data. You can also exercise that right at any time by contacting us at email@example.com.
Right to Access Your Information
The General Data Protection Regulation (GDPR) provides EU citizens with the right to access any information held about you. You can assert this right at any time. We will provide a copy of your information, free of charge.
However, we do reserve the right to charge a ‘reasonable fee’ when a request is manifestly unfounded or excessive, particularly if it is repetitive. We also reserve the right to charge a reasonable fee to comply with further copies of the same information. Any fee will be based on the administrative cost of providing the information. We will endeavor to supply this information without delay and at the latest within one month of receipt. If the request is complex or numerous we can extend this period by a further two months. You will be informed, if this is the case, within one month of the request with an explanation as to why it is necessary.
For the purpose of the General Data Protection Regulation (GDPR) 2016/679, the data controller and/or processor is Crimcheck, a company located and operating in the United States, and who can be contacted at 877-992-4325 or firstname.lastname@example.org.
Our legal grounds for using personal data are as follows:
- Contractual Commitments: We may use, share, or disclose information to honor our contractual commitments to you.
- With Your Consent: Where required by law, and in some other cases, we use, share, or disclose information on the basis of your consent.
- Legitimate Interests: In many cases, we use, share, or disclose information on the ground that it furthers our legitimate business interests in ways that are not overridden by the interests or fundamental rights and freedoms of the affected individuals, such as customer service, analyzing and improving our business, providing security for our Services, preventing fraud, and managing legal issues.
- Legal Compliance: We need to use, share, and disclose information in certain ways to comply with our legal obligations.
Recourse, Enforcement and Liability
Data Protection Officer
Jeri L. Johansen
150 Pearl Rd. Brunswick, OH 44212
Phone: +1 877-992-4325 x 104
Transferring your information outside of the United States
As part of the services offered from Crimcheck for international criminal, education or employment purposes, the information which you provide to us may be transferred to countries outside the United States. These countries may not have similar data protection laws to the United States. By submitting your personal data, you’re agreeing to this transfer, storing or processing. If we transfer your information outside of the US in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy. If your data is transferred outside of the US it will be done so to allow us to perform any contractual obligations that are required to provide the services, you or (your employer/potential employer) has requested from us.
Security Precautions in Place
When you give us personal information, we take steps to ensure that it’s treated securely. Any sensitive information is encrypted and protected while in transit with 256 Bit SSL encryption. When you are on a secure page, a padlock icon will appear on the address bar of web browsers such as Google Chrome.
Our websites are scanned on a regular basis for known vulnerabilities including regular malware scanning. Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have authorized access to such systems and are required to keep the information confidential. Crimcheck cannot ensure or warrant the security of any information you transmit to us by e-mail, and you do so at your own risk.
Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone and we also recommend you change your password regularly.
Security breach notification
Crimcheck shall give notice to each organization administrator when the organization’s user information was, or it is reasonably believed to have been, inappropriately accessed as a result of a security breach. Said notice shall be made immediately upon confirmed discovery of the breach (including fulfilling our obligation under the GDPR to notify the ICO within 72 hours) and the time necessary such as to allow Crimcheck to determine the scope of the breach, to identify organizations and individuals affected by the breach, and to restore reasonable integrity of the data system that was breached.
This Policy applies to customers, users and applicants in both Canada and the United States. However, to the extent that this Policy is inconsistent with any applicable Canadian laws, Crimcheck will comply with the applicable law for customers, users and applicants in Canada. For example, Crimcheck will only send commercial electronic messages to persons located in Canada with explicit, opt-in consent, unless otherwise permitted pursuant to Canadian legislation that is applicable to such activities.
Applicants who are located in Canada should also understand that the nature of the Services will involve Crimcheck obtaining potentially sensitive personal information about them, including consumer reports, criminal record, driving record, as well as education and employment records, from third parties such as consumer reporting agencies, police services and government agencies (e.g., provincial transportation ministries).
Crimcheck will also share Applicants’ personal information with a third party service provider in Canada, for the purpose of completing or facilitating the background checks described in this Policy.
In addition, personal information that is collected in the course of providing the Services will be transferred outside Canada. Therefore, such information may be accessible to law enforcement and national security authorities in the jurisdiction(s) where it is stored or processed.
Canadian customers, users and applicants will be notified of any material changes to this Policy, where such change would result in use or disclosure of their personal information by Crimcheck in a manner not contemplated by this Policy or reasonably expected by the individual.