This policy outlines how personally identifiable information and other personal data will be collected, used, and shared in connection with access to and/or use of the the Crimcheck screening platform, public website, and any content, features, services, or other offerings that Crimcheck provides in connection with its services.
Notice to EU Individuals: this Privacy Statement and its enumerated policies are intended to comply with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the “General Data Protection Regulation” or “GDPR”) and provide appropriate protection and care with respect to the treatment of your user information in accordance with the GDPR.
How do we collect information from you?
The information that we collect about you depends on how you are using our website or services. Information about the differing collection types is detailed below. Crimcheck does not collect, process or transfer personal information for any purpose other than the legal purpose for which it was originally intended.
What type of information is collected from you?
Our public website – www.crimcheck.net
When you fill out a web-form to sign up to download a resource, or inquire about a product, we may ask you to provide certain personal information, including your:
- Name
- Email address
- Job title & the organization you work for
- Telephone number
By completing the form and ticking the relevant boxes you are providing your consent for Crimcheck to process this personal data, and this is the legal basis we are relying on to do so.
We will use the information that you give us to send you relevant emails containing Crimcheck news and marketing communications. Your information will be stored by a third party data processor; IBM Cloud, whose servers are located in the United States, you can read their privacy information here.
In addition, if you have inquired about a product or service we will use the information you have given us to update our customer relationship management system so one of our consultants or advisors can contact you. This information will also be stored by IBM Cloud.
Cookies
Crimcheck employs the use of “cookies” to provide a better service to its users. We do not use cookies to store any personally identifying information from users except to identify a user who has chosen to log in to the site. We do not use cookies to track user activities beyond our web site. For example, we may use cookies to store your country preference. This helps us to improve our website and deliver a better, more personalized service. It is possible to switch off cookies by adjusting your browser preferences.
Third-party cookies are placed by Facebook, and LinkedIn and more information about them can be found by consulting these third parties’ privacy policies, which you can access by clicking each third party’s name in this paragraph.
We also use Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses cookies to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity, and providing other services relating to website activity and internet usage for Crimcheck. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google.
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above. Read Google Analytics privacy policy here.
Note that Crimcheck will not provide any personally identifiable information to third parties for their own marketing purposes.
Our private client/applicant service portal
Log Files
The private Crimcheck client portal is secured and only available to authorized client users. Crimcheck logs information about a user’s IP address, browser type and the current URL, and logs usage throughout the site for security purposes. These log files are stored in a secure location and used in our internal analysis of user logs within our system.
Personal Information Collected for the Purpose of Employment Screening and/or Business Due Diligence
You may be asked for your personal information by a potential employer or business partner in order to facilitate background screening for the purpose of employment or due diligence. This personal information may be relayed or directly input by yourself to Crimcheck for collection as part of contracted services.
Personal Information Disclosure: United States Or Overseas
Generally, Crimcheck does not transfer information to third parties outside of the United States or its territories. Such transfers would only be done if necessary to complete an international background check (e.g., conducting an international criminal check).
The personal information we collect might include, but is not limited to the following:
Title
Name (First and Surname)
Mothers maiden name
Email address
Telephone number
Date of birth
Gender
Previous Names
Marital status
Job title
Current address
Previous addresses
Social Security Number/National Identification Identifiers
Criminal record information
Employment history
Education information
Passport
Driver’s license
Residency documents
Employment references
Educational references
Personal/Professional references
Employer address
All personal information collected is relevant and necessary for Crimcheck to perform our obligations thereon.
Any personal data categorized as ‘special data’ under the GDPR will require the data controller (typically an employer) to either have explicit consent from the individual with notice that processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment or business due diligence.
How is your information used?
Onward Transfer (Transfer to Third Parties)
Crimcheck provides information about data subjects only to our clients and agents, such as third party subcontractors of Crimcheck who are contractually authorized to receive such information for limited and specified purposes only. Crimcheck ensures that any third party for which personal information may be disclosed subscribes to privacy principles consistent with United States law and European data protection directives or are subject to laws providing the same level of privacy protection and agree in writing to provide an adequate level of privacy protection.
We will use the information you give to us to:
Our Clients and Website Visitors
- To carry out our obligations arising from any contracts entered into between our clients and us and to provide you with the information, products and services that are requested from us.
- For the purposes for which you provided it;
- To create your account and enable you to use the Services;
- To verify your identity;
- To provide information about the features and functionality of the Services;
- For customer support and to respond to your inquiries;
- To respond to and fulfill your requests;
- To improve the Services;
- For internal record-keeping purposes and for legal purposes;
- To address fraud or safety concerns, or to investigate complaints or suspected fraud or wrongdoing; and
- To resolve disputes, to protect ourselves and other users, and to enforce any legal terms that govern your use of the Services.
If you are a prospective customer, you will only be marketed to, if you have explicitly agreed to it; Third-party services used in marketing to existing clients include Constant Contact and Unbounce. More information can be found by consulting these third parties’ privacy policies, which you can access by clicking each third party’s name in this paragraph.
Employee and Applicant Information
Crimcheck may collect information from employees and job applicants to perform background screening functions. Individuals will be informed of the purposes for which Crimcheck collects and uses the personal information.
Crimcheck will provide the Individual with the choice and means, if any, for limiting the use and disclosure of their personal information when required, in accordance with federal and state laws. Disclosures or notices will be provided in clear and conspicuous language when individuals are first asked to provide personal information to Crimcheck, or as soon as practicable thereafter, and in any event before Crimcheck uses or discloses the information for a purpose other than for which it was originally collected. Employee and/or applicant information will never be used for any purpose other than it was originally intended, will not be sold, and never be used for marketing purposes. It will only be shared with third parties when necessary and as needed for the completion of background check services.
Consumer Information
Crimcheck may disclose personal information on consumers to third parties in connection with the business transaction and purpose for which it was collected. Third party disclosure of the personal information may include the requesting client company, institutions, employers, courts, law enforcement agencies, third party agents, and other persons, businesses or government agencies as necessary for Crimcheck to complete a background check services.
Crimcheck does not sell or market to the personal information of job applicants, employees or data report subjects.
We review our retention periods for personal information on a regular basis. We are legally required to hold some types of information to fulfil our statutory obligations. We will hold your personal information on our systems for as long as is necessary for the relevant activity, but not longer, or as long as is set out in any relevant contract held with us.
We will retain the personal information we process on behalf of our Clients for as long as required by law and as long as required to provide services to our Clients. Crimcheck will retain this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. While Crimcheck has implemented technical, physical and administrative security measures to help protect against the loss, theft, misuse and unauthorized access of your information that we collect from you on behalf of our Clients, we cannot guarantee that our Clients will in like manner follow the terms set forth within this privacy policy and can therefore not be held liable for a Client’s actions.
Who has access to your information?
We will not sell or rent your information to third parties.
Third Party Service Providers working on our behalf:
We may pass your information to our third-party service providers, agents, sub-contractors and other associated organizations for the purposes of completing tasks and providing services to you or on your behalf (for example to process payments or provide a specific record check). However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes.
Please be assured that we will not release your information to third parties beyond the Crimcheck network for them to use for their own direct marketing purposes.
Information sources outside of the United States may be contacted, at the client’s request, in order verify information claimed by an applicant which took place outside of the United States. All personal information will be transmitted and stored in a secure manner in accordance with the terms of this Privacy Notice. In the case of international searches, personal information may be transferred to other countries, including countries that have inadequate privacy laws according to the European Commission or other data protection commissions and/or government authorities.
We may transfer your personal information to a third party if we’re under a duty to disclose or share your personal data in order to comply with any legal obligation or to enforce or apply our terms of use or to protect the rights, property or safety of our customers. However, we will take steps with the aim of ensuring that your privacy rights continue to be protected.
Security
We take steps to protect against the loss, misuse, or unauthorized alteration of personally-identifiable information collected through this web site and otherwise subject to this policy. We recognize the importance of security for all personally-identifiable information collected by our web site. Once we receive personally-identifiable information, we take steps to protect its security on our systems. In the event we request or transmit sensitive information, such as credit card information or Social Security Numbers through this web site, we use industry standard, secure socket layer (SSL) encryption.
We limit access to personally-identifiable information to those employees who need access in order to carry out their job responsibilities.
When we dispose of personally identifiable information collected through this website, we use procedures to dispose of personal information by means such as shredding documents and erasure of electronic media that information cannot be practicably read or reconstructed.
Your rights
There are laws and regulations designed to protect PII in digital form. Examples of laws include the, the US Health Insurance Portability and Accountability Act (HIPAA), the Privacy Act in Australia, the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada, and the General Data Protection Directive in the European Union.
In addition to the company’s safeguards that meet these standards, personal data of EU citizens is protected by the General Data Protection Regulation (GDPR).
Crimcheck confirms that the data we hold about you will be processed lawfully and fairly. It will be kept securely to prevent unauthorized access by other people. If you have concerns about the processing of your personal data by Crimcheck, you may contact us. If you find any inaccuracies with the personal data we retain, we will delete or correct them promptly, if permitted by U.S. law.
You have the right to ask us not to process your personal data for marketing purposes. We will inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for marketing purposes. You can exercise your right to prevent such processing by checking the relevant boxes on the forms we use to collect your data. You can also exercise that right at any time by contacting us.
Contact Information Regarding Privacy Policy
To obtain additional information regarding our Privacy Policy, or to obtain information regarding policies in the event of a compromise of your personal information, please contact us at:
Crimcheck
Compliance Department
Data Protection Officer
P.O. 361309, Strongsville, OH 44136
Phone: 1.877.992.4325
Email: [email protected]
Additional Information for EU Citizens
Right to Access Your Information
The General Data Protection Regulation (GDPR) provides EU citizens with the right to access any information held about you. You can assert this right at any time. We will provide a copy of your information, free of charge.
However, we do reserve the right to charge a ‘reasonable fee’ when a request is manifestly unfounded or excessive, particularly if it is repetitive. We also reserve the right to charge a reasonable fee to comply with further copies of the same information. Any fee will be based on the administrative cost of providing the information. We will endeavor to supply this information without delay and at the latest within one month of receipt. If the request is complex or numerous we can extend this period by a further two months. You will be informed, if this is the case, within one month of the request with an explanation as to why it is necessary.
For the purpose of the General Data Protection Regulation (GDPR) 2016/679, the data controller and/or processor is Crimcheck, a company located and operating in the United States, and who can be contacted at 877-992-4325.
Our legal grounds for using personal data are as follows:
- Contractual Commitments: We may use, share, or disclose information to honor our contractual commitments to you.
- With Your Consent: Where required by law, and in some other cases, we use, share, or disclose information on the basis of your consent.
- Legitimate Interests: In many cases, we use, share, or disclose information on the ground that it furthers our legitimate business interests in ways that are not overridden by the interests or fundamental rights and freedoms of the affected individuals, such as customer service, analyzing and improving our business, providing security for our Services, preventing fraud, and managing legal issues.
- Legal Compliance: We need to use, share, and disclose information in certain ways to comply with our legal obligations.
Recourse, Enforcement and Liability
Crimcheck is committed to answer questions and resolve complaints about your privacy and our collection or use of your personal information. EU, EEA and Swiss consumers with inquiries or complaints regarding this privacy policy or the processing of their personal information should first contact Crimcheck at:
Crimcheck
Compliance Department
Data Protection Officer
Jeri L. Johansen
P.O. 361309, Strongsville, OH 44136
Phone: +1 877-992-4325 ext. 4404
Email: [email protected]
Transferring your information outside of the United States
As part of the services offered from Crimcheck for international criminal, education or employment purposes, the information which you provide to us may be transferred to countries outside the United States. These countries may not have similar data protection laws to the United States. By submitting your personal data, you’re agreeing to this transfer, storing or processing. If we transfer your information outside of the US in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy. If your data is transferred outside of the US it will be done so to allow us to perform any contractual obligations that are required to provide the services, you or (your employer/potential employer) has requested from us.
Security Precautions in Place
When you give us personal information, we take steps to ensure that it’s treated securely. Any sensitive information is encrypted and protected while in transit with 256 Bit SSL encryption. When you are on a secure page, a padlock icon will appear on the address bar of web browsers such as Google Chrome.
Our websites are scanned on a regular basis for known vulnerabilities including regular malware scanning. Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have authorized access to such systems and are required to keep the information confidential. Crimcheck cannot ensure or warrant the security of any information you transmit to us by e-mail, and you do so at your own risk.
Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone and we also recommend you change your password regularly.
Security breach notification
Crimcheck shall give notice to each organization administrator when the organization’s user information was, or it is reasonably believed to have been, inappropriately accessed as a result of a security breach. Said notice shall be made immediately upon confirmed discovery of the breach (including fulfilling our obligation under the GDPR to notify the ICO within 72 hours) and the time necessary such as to allow Crimcheck to determine the scope of the breach, to identify organizations and individuals affected by the breach, and to restore reasonable integrity of the data system that was breached.
Policy changes
Any changes to this policy will be posted here. Please check back frequently for any updates or changes to this privacy policy. This policy was last updated in May 2018.
If you have any questions regarding this privacy policy or the processing of their personal information should first contact Crimcheck at:
Crimcheck
Compliance Department
Data Protection Officer
Jeri L. Johansen
P.O. 361309, Strongsville, OH 44136
Phone: +1 877-992-4325 ext. 4404
Email: [email protected]
Additional Information for Canadian Users
This Policy applies to customers, users and applicants in both Canada and the United States. However, to the extent that this Policy is inconsistent with any applicable Canadian laws, Crimcheck will comply with the applicable law for customers, users and applicants in Canada. For example, Crimcheck will only send commercial electronic messages to persons located in Canada with explicit, opt-in consent, unless otherwise permitted pursuant to Canadian legislation that is applicable to such activities.
Applicants who are located in Canada should also understand that the nature of the Services will involve Crimcheck obtaining potentially sensitive personal information about them, including consumer reports, criminal record, driving record, as well as education and employment records, from third parties such as consumer reporting agencies, police services and government agencies (e.g., provincial transportation ministries).
Crimcheck will also share Applicants’ personal information with a third party service provider in Canada, for the purpose of completing or facilitating the background checks described in this Policy.
In addition, personal information that is collected in the course of providing the Services will be transferred outside Canada. Therefore, such information may be accessible to law enforcement and national security authorities in the jurisdiction(s) where it is stored or processed.
Canadian customers, users and applicants will be notified of any material changes to this Policy, where such change would result in use or disclosure of their personal information by Crimcheck in a manner not contemplated by this Policy or reasonably expected by the individual.
